Pests of all kinds and how to combat them: Redirection to fake pages (Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
05.10.2015, 13:59 | #1 |
| Redirection to fake pages
Dear admins, dear forum users, I have known the forum for quite a while, since I have needed advice with the PC every now and then. That is also my main problem: I am purely a PC user and have no clue about its inner workings. For a few days now, whenever I try to log in to my bank account, I am redirected to a fake page (see the Snipping Tool pictures in the attachment). You can recognize it by the poor German and small differences from the original page. Also, the https is not highlighted in green. When a code is entered, a timer appears that counts down from three. Is that already enough for one of you to have a suspicion? If not, then I would ask for easy-to-understand instructions on how to proceed, since, as I said, I am absolutely not a technician ... I would be glad if someone could help me :-) Regards, Kelvin |
05.10.2015, 14:14 | #2 |
/// the machine /// TB instructor | Redirection to fake pages
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
05.10.2015, 15:54 | #3 |
| Reply to Schrauber
Thanks for the help so far, Schrauber!
My text was a bit abbreviated; it may also be of interest that I have Kaspersky on the PC. A full scan came back negative, likewise with Ad-Aware and MBar. Attached are the files you asked me for. Best regards, Kelvin |
05.10.2015, 20:49 | #4 |
| FRST.txt and Addition.txt
[Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:04-10-2015
durchgeführt von Daniela und Roland (2015-10-05 16:43:50)
Gestartet von C:\Users\Daniela und Roland\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2009-04-09 17:49:23)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-3433068400-1824330424-1932280774-500 - Administrator - Disabled)
Daniela und Roland (S-1-5-21-3433068400-1824330424-1932280774-1000 - Administrator - Enabled) => C:\Users\Daniela und Roland
Gast (S-1-5-21-3433068400-1824330424-1932280774-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3433068400-1824330424-1932280774-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft) AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems, Inc.) Adobe Reader X (10.1.15) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - ) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
ArtRage 2 (HKLM-x32\...\{19862E4F-6080-47C8-A3AC-AF9F0D39F1AB}) (Version: 2.5.20 - Ambient Design) AusLogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 1.5 - Auslogics Software Pty Ltd) Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery) awinterscene_3274380 Screen Saver (HKLM-x32\...\awinterscene_3274380) (Version: - ) BookCoverPro (remove only) (HKLM-x32\...\BookCoverPro) (Version: - ) Box Shot 3D (HKLM-x32\...\Box Shot 3D) (Version: 2.13 - www.BoxShot3D.com) Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - ) Canon MP610 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series) (Version: - ) Canon MP610 series Benutzerregistrierung (HKLM-x32\...\Canon MP610 series Benutzerregistrierung) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.2.7.1893 - CDBurnerXP) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.53 - Cliqz.com) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Corel KPT Collection (HKLM-x32\...\_{5ACF958F-3106-4F13-B947-FC6DF23E1A53}) (Version: 1.0.0.103 - Corel Corporation) Corel KPT Collection (x32 Version: 1.0.0.103 - Ihr Firmenname) Hidden Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation) Corel Painter Photo Essentials 4 (HKLM-x32\...\_{707EB912-C597-49D8-9460-46CC9AB03EBE}) (Version: - Corel Corporation) 
Corel Painter Photo Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation) Corel PaintShop Pro X6 (x32 Version: 16.2.0.20 - Corel Corporation) Hidden Creative Content (x32 Version: 1.0.0.103 - Corel Corporation) Hidden Creative Content (x32 Version: 1.0.0.103 - Ihr Firmenname) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Direkt Foto System 3.x (HKLM-x32\...\Direktfotosystem2_is1) (Version: - ) Duden Korrektor Patch 012009 (HKLM-x32\...\{8AEBFD30-B94F-4A49-8106-03039708BDD4}) (Version: 6.00.1000 - Bibliographisches Institut & F.A. Brockhaus AG) Duden Korrektor PLUS (HKLM-x32\...\InstallShield_{910BEE2C-3C2F-4DC0-9FF0-61DD5F5E8E47}) (Version: 4.00.1301.00 - Duden) Duden Korrektor PLUS (x32 Version: 4.00.1301.00 - Duden) Hidden Duden Korrektor PLUS Update (HKLM-x32\...\{36B107C0-F8AD-42D5-B0CD-58035C5A4B47}) (Version: 6.00.00 - Bibliographisches Institut & F.A. 
Brockhaus AG) Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Enfocus PitStop Professional (HKLM-x32\...\{44AD5510-AD14-4B1F-8D26-44EC45779D55}) (Version: 8.5 - Enfocus Software) Explorer View (HKLM-x32\...\Explorer View_is1) (Version: 4.0.0.42 - GetData Pty Ltd) File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ACHTUNG Final Media Player 2012 (HKLM-x32\...\FinalMediaPlayer_is1) (Version: 2012.10.9.0 - Bitberry Software) <==== ACHTUNG Firebird 2.1.1.17910 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.1.17910 - Firebird Project) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG) Flux Player (HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Flux Player) (Version: 3.5.2.3516 - ) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Freemake Video Converter Version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation) Funmoods (HKLM-x32\...\funmoods) (Version: - ) <==== ACHTUNG Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}) 
(Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) gs_x86 (HKLM-x32\...\{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}) (Version: 8.64 - MAY-Computer) HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{D8057953-CCF0-48B3-B61D-762C580B2A10}) (Version: 25.0.571.0 - Hewlett-Packard Co.) HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden ICA (x32 Version: 16.1.0.48 - Corel Corporation) Hidden Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - ) IPM_PSP_COM (x32 Version: 16.1.0.48 - Corel Corporation) Hidden IPM_PSP_COM64 (Version: 16.1.0.48 - Corel Corporation) Hidden Jacquie Lawson Advent Calendar (HKLM-x32\...\JacquieLawsonAdventCalendar) (Version: 1.0.1 - MicroCourt Limited) Jacquie Lawson Advent Calendar (x32 Version: 1.0.1 - MicroCourt Limited) Hidden Jacquie Lawson Alpine Advent Calendar (HKLM-x32\...\JLAdventCalendarAlpine2012) (Version: 1.0.2 - MicroCourt Limited) Jacquie Lawson Alpine Advent Calendar (x32 Version: 1.0.2 - MicroCourt Limited) Hidden Jacquie Lawson Christmas Market (HKLM-x32\...\com.jacquielawson.marketadventcalendar2014) (Version: 1.0.1 - MicroCourt Limited) Jacquie Lawson Christmas Market (x32 Version: 1.0.1 - MicroCourt Limited) Hidden Jacquie Lawson Edwardian Advent Calendar (HKLM-x32\...\JLAdventCalendarEdwardian2013) (Version: 1.0.1 - MicroCourt Limited) Jacquie Lawson Edwardian Advent Calendar (x32 Version: 1.0.1 - MicroCourt Limited) Hidden Jacquie Lawson London Advent Calendar (HKLM-x32\...\JLAdventCalendarLondon2011) (Version: 1.5.2 - MicroCourt Limited) Jacquie Lawson London Advent Calendar (x32 Version: 1.5.2 - MicroCourt Limited) Hidden Java 8 
Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab) Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden Kernel EML Viewer ver 11.05.01 (HKLM-x32\...\Kernel EML Viewer_is1) (Version: - Lepide Software Pvt.Ltd.) Kindle Previewer (HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\KindlePreviewer) (Version: 2.94 - Amazon) KnockOut 2 (HKLM-x32\...\KnockOut 2) (Version: - ) LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation) LohnSteuer-Experte 2015 - NEWS-Edition (HKLM-x32\...\LohnSteuer-Experte 2015_is1) (Version: 21.3.0 - haude electronica verlag) MagicTunePremium (HKLM-x32\...\{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}) (Version: 2.0.09 - Samsung Electronics Ltd.) MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG) MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG) MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Xtreme Web Designer 5 5.0.1.8242 (D) (HKLM-x32\...\MAGIX Xtreme Web Designer 5 D) (Version: 5.0.1.8242 - MAGIX AG) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - 
Microsoft Corporation) Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - ) Motorola Driver Installation 3.2.0 (HKLM\...\{A7B9041E-9635-4AFF-BB1E-EFAF490A231B}) (Version: 3.2.0 - Motorola Inc.) Motorola Phone Tools (HKLM-x32\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.1.2a 02-8-2006 - Avanquest Software) Mozilla Firefox 41.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 de)) (Version: 41.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft 
Corporation) MultiScreen (HKLM-x32\...\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}) (Version: 1.00.0000 - Samsung Electronics Ltd.) MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version: - ) Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia Software Updater (HKLM-x32\...\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}) (Version: 3.0.560 - Nokia Corporation) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia) Nokia Suite (x32 Version: 3.8.54.0 - Nokia) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.4.5 - ) NVIDIA 3D Vision Controller-Treiber 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 295.73 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Office-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.4 - Bibliographisches Institut & F.A. 
Brockhaus AG) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PDF-XChange 4 Pro (HKLM\...\PDF-XChange 4 Pro_is1) (Version: - Tracker Software) Personal Trainer (HKLM-x32\...\Personal Trainer_is1) (Version: 3.1.0.2 - Dietmar Stupka) PHOTORECOVERY LE (HKLM-x32\...\{8D03A164-B586-4318-AFE6-870A5E2739C1}) (Version: 1.0.0 - LC Technology International) PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Plan4You Easy (HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\2725311078.plan4youeasy.haude.at) (Version: - plan4youeasy.haude.at) Private Coach (HKLM-x32\...\{23A594B5-E099-430A-84DF-2D1AE37507F9}) (Version: 2.6.0 - Digital Environment) PSPPContent (x32 Version: 16.1.0.48 - Corel Corporation) Hidden PSPPHelp (x32 Version: 16.1.0.48 - Corel Corporation) Hidden PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Recover My Photos (HKLM-x32\...\Recover My Photos_is1) (Version: 3.7.2.442 - GetData Pty Ltd) ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.) SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.1.1.0 - Seagate Technology) Setup (x32 Version: 16.1.0.48 - Ihr Firmenname) Hidden Sicherheitsupdate für Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version: - Microsoft Corporation) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Stifttablett (HKLM-x32\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.) 
streamWriter (HKLM-x32\...\streamWriter_is1) (Version: - ) Sudoku (HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\e3626db9ef6c8cdc) (Version: 4.8.1.1 - Clemens Pichl) Sweet Home 3D version 3.5 (HKLM-x32\...\Sweet Home 3D_is1) (Version: - eTeks) TBS Cover Editor 1.7.1 Beta (HKLM-x32\...\TBS Cover Editor_is1) (Version: - trueboxshot.com) TuneUp Utilities 2007 (HKLM-x32\...\{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}) (Version: 6.0.2200 - TuneUp Software) UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version: - Wicked & Wild Inc.) UPC Fiber Power Optimizer (HKLM-x32\...\UPC Fiber Power Optimizer) (Version: - UPC Broadband) UPC Fiber Power Optimizer (x32 Version: 2.0.0.3 - UPC Broadband) Hidden UPC Install Master (HKLM-x32\...\UPC Install Master) (Version: - UPC Telekabel GmbH) UPC Install Master (x32 Version: 1.0.0.110 - UPC Telekabel GmbH) Hidden VideoCam Suite 2.0 (HKLM-x32\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 2.00.043.1031 - Panasonic Corporation) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) Wondershare Video Converter Platinum(Build 4.4.2.0) (HKLM-x32\...\Wondershare Video Converter Platinum_is1) (Version: - Wondershare Software) XMedia Recode Version 3.2.0.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.4 - XMedia Recode) XnView 1.99.1 (HKLM-x32\...\XnView_is1) (Version: 1.99.1 - Gougelet Pierre-e) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\Application\45.0.2454.101\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> C:\Windows\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{CB58FF31-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files (x86)\MAGIX\Xtreme_Web_Designer_5\WebDesigner.exe (Xara Group Ltd.) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{CB58FF32-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files (x86)\MAGIX\Xtreme_Web_Designer_5\WebDesigner.exe (Xara Group Ltd.) 
CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> kein Dateipfad ==================== Wiederherstellungspunkte ========================= 17-09-2015 12:08:56 Geplanter Prüfpunkt 18-09-2015 09:29:51 Geplanter Prüfpunkt 19-09-2015 09:42:34 Geplanter Prüfpunkt 20-09-2015 15:19:54 Geplanter Prüfpunkt 21-09-2015 09:11:10 Geplanter Prüfpunkt 22-09-2015 09:16:08 Geplanter Prüfpunkt 23-09-2015 09:44:20 Geplanter Prüfpunkt 24-09-2015 09:25:43 Geplanter Prüfpunkt 26-09-2015 12:00:41 Geplanter Prüfpunkt 27-09-2015 10:16:25 Geplanter Prüfpunkt 28-09-2015 21:38:04 Geplanter Prüfpunkt 30-09-2015 10:16:23 Geplanter Prüfpunkt 01-10-2015 09:25:52 Geplanter Prüfpunkt 02-10-2015 12:14:30 Geplanter Prüfpunkt 03-10-2015 12:53:41 Geplanter Prüfpunkt 04-10-2015 01:28:54 Geplanter 
Prüfpunkt 05-10-2015 09:08:28 Geplanter Prüfpunkt ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - \Microsoft\Windows\MobilePC\TMM -> Keine Datei <==== ACHTUNG Task: {0C5B3549-B830-43B7-9020-086EB3DA32CC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3433068400-1824330424-1932280774-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {0D9E36B1-8116-4F23-8AAD-1D3D1EBBB314} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] () Task: {1D8D9D14-CAB2-46F2-B7D2-C0630FBD25E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000Core => C:\Users\Daniela und Roland\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) 
Task: {3ACE0E4C-2E65-41DE-8F71-E0AF8C3764DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {5469EC7E-9F46-4BD5-8069-FE1DCCCD2306} - System32\Tasks\{63B2EA5C-3600-4AB3-AEDA-4755B5302A84} => pcalua.exe -a "C:\Users\Daniela und Roland\AppData\Roaming\loadtbs\uninstall.exe" Task: {5A07DFFE-4E22-43E3-885F-2C17D833F226} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3433068400-1824330424-1932280774-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {660FD19E-7957-4480-B983-2B90E0183161} - System32\Tasks\{35460B38-6C88-43ED-9493-08226D110373} => pcalua.exe -a E:\INSTMSI.EXE -d E:\ Task: {90AF8EA8-28FB-4C05-8C26-B171717E4EEF} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2014-05-27] ( ) <==== ACHTUNG Task: {AF0D1F24-B7C5-429F-88DE-111C49122AED} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation) Task: {B0150C41-D372-463F-9CC6-B455D124C4DB} - System32\Tasks\1-Klick-Wartung => C:\Program Files (x86)\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26] (TuneUp Software GmbH) Task: {C1B53E5B-22ED-4964-AB10-F4A9E7D94939} - System32\Tasks\Final Media Player Update Checker => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-09-02] (Bitberry Software) Task: {C46DA23A-D170-4275-AEFF-2677BD96F8F9} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ACHTUNG Task: {D96D5755-EC76-4F02-AB40-F3888960299E} - System32\Tasks\QtraxPlayer => 3574479941.portal.qtrax.com Task: {EA50B3A4-93BA-4C8C-BF90-B3B68285674B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Daniela und Roland => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation) Task: {EB60785A-B724-440C-87F2-BD9F5E11C084} - 
System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated) Task: {EE709DEB-EAC4-47FD-A119-1C9C4CC366BA} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-05-06] (FTA ApS) <==== ACHTUNG Task: {F530F9A4-2B70-4629-A115-FB1B2B091C20} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000UA => C:\Users\Daniela und Roland\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files (x86)\TuneUp Utilities 2007\SystemOptimizer.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000Core.job => C:\Users\Daniela und Roland\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000UA.job => C:\Users\Daniela und Roland\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 2010-02-14 02:24 - 2009-11-12 14:48 - 00071096 _____ () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 ____N () C:\Windows\SysWOW64\PSIService.exe 2015-08-27 15:57 - 2015-08-27 15:57 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe 2015-08-27 
15:57 - 2015-08-27 15:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll 2015-09-12 09:41 - 2015-09-01 15:41 - 00074752 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe 2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll 2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\ProgramData\TEMP:2E0A12A9 AlternateDataStreams: C:\ProgramData\TEMP:CD5BCD16 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniela und Roland\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0) Windows Firewall ist deaktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Daniela und Roland\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{2E0ADFEF-D6FF-4760-87C9-E480AC6301AC}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{9302A4A3-2951-4219-A63C-647BE4E75F53}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{176707DB-3D85-4737-8119-23C17A36217A}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{555DDA19-DA56-476C-A147-E07C5429A1BB}] => (Allow) C:\Program Files (x86)\UPC Austria\Install Master\UPC_Install_Master.exe FirewallRules: [{EEF2191F-4636-402E-9450-C4704EFEE0C0}] => (Allow) C:\Program Files (x86)\UPC Austria\Install Master\UPC_Install_Master.exe FirewallRules: [{59A69843-0AF2-46F8-B6D0-E9ABB7550CCB}] => (Allow) C:\Program Files 
(x86)\Pinnacle\VideoSpin\Programs\RM.exe FirewallRules: [{4C2F27F1-274A-41CC-8538-66AD04CF261D}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe FirewallRules: [{D028336D-60B3-41B1-9733-4B2E3AFF553E}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe FirewallRules: [{16D04896-DAE3-484E-A9BA-120A217BD797}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe FirewallRules: [{DE392887-14E9-4EEF-AF46-84CE728A4AF1}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe FirewallRules: [{9F9508F7-34D0-4112-99BE-872EFD084F81}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe FirewallRules: [{CDB6287D-6133-4501-90AB-90F7C8583470}] => (Allow) LPort=80 FirewallRules: [{158415EF-FCB0-4BEE-B386-5FC06061B225}] => (Allow) LPort=80 FirewallRules: [{64CBA38E-01DB-4A7E-8F2C-65F7A029C5E6}] => (Allow) LPort=80 FirewallRules: [{33D98C89-E387-4076-8912-93724C8EA1A0}] => (Allow) C:\Program Files (x86)\UPC Austria\Install Master\UPC_Install_Master.exe FirewallRules: [{14C9FDD0-86B1-462A-9427-32C75135DDB7}] => (Allow) C:\Program Files (x86)\UPC Austria\Install Master\UPC_Install_Master.exe FirewallRules: [{33A89399-4206-4DFC-BAAC-7C4D439B82EA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{FA7604A3-7DD9-46FC-8FD9-9C3B1A3B2406}] => (Allow) C:\Users\DANIEL~1\AppData\Local\Temp\softonic_ssk_conduit.exe FirewallRules: [{851C0453-59B5-44C7-88E9-E9B210CE3992}] => (Allow) C:\Users\DANIEL~1\AppData\Local\Temp\ibtmpf564504\component_567 FirewallRules: [{3B8A54B6-006E-4F88-9732-69CA69B2C4D2}] => (Allow) C:\Users\DANIEL~1\AppData\Local\Temp\ibtmpf564504\Uninstall Manager.exe FirewallRules: [{618BA22D-091C-4C26-BB9C-F1CA64237A49}] => (Allow) C:\Users\DANIEL~1\AppData\Local\Temp\ibtmpf564504\component_514.decrpt FirewallRules: [{6CEB00B6-1DE8-47EA-B62C-26C32D5C11B1}] => (Allow) C:\Program Files (x86)\File Type 
Assistant\TSAssist.exe FirewallRules: [{48939B5B-0399-408A-B14B-B2FD8AF757E4}] => (Allow) C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe FirewallRules: [{67D0C498-8248-48A2-8801-01E30FEC0045}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe FirewallRules: [{AEF50A2D-8BF5-42EA-9BB0-FF0DBA93FD31}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{2DB2084E-7CA0-47DF-A528-2E47B46B9079}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{C5DAB0BC-0223-430F-AF5D-F0B54B234864}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe FirewallRules: [{6AF2688B-F2DB-4859-B4A2-46288F301F6F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{C72A5E7E-5F66-45E9-BC43-D92F40954777}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe FirewallRules: [{F2B63811-E3E7-4591-821B-CF344A960F1A}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe FirewallRules: [{DE780976-CF97-4787-8F9E-BD17C1A43A34}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe FirewallRules: [{9B12F846-DC5B-45EA-A502-8FA83600EE45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{48E0CCAD-66C7-411E-B2BE-D896FE1CEED4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{434D729E-9139-4ED3-A048-87140514AF00}] => (Allow) C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Microsoft-6zu4-Adapter #2 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver Name: Microsoft-6zu4-Adapter #5 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft-6zu4-Adapter #6 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: USB-EasyTransfer-Kabel Description: USB-EasyTransfer-Kabel Class Guid: {bc103702-dd72-406f-9b28-95c868337b59} Manufacturer: Microsoft Service: winusb Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/05/2015 07:31:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2015 11:01:21 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (10/04/2015 11:01:21 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (10/04/2015 11:00:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2015 05:48:17 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed AA11.; Hr = 0x81000101). Error: (10/04/2015 05:48:17 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{c29f384d-252d-11de-b042-806e6f6e6963} - 0000000000000158,0x0053c008,00000000001D0100,0,00000000001A91A0,4096,[0])". hr = 0x80070079. 
Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (10/04/2015 05:27:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\CONFIG.MSI\3643C5D.RBS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (10/04/2015 05:27:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\CONFIG.MSI\3643C5D.RBS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (10/04/2015 05:26:34 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed AA11.; Hr = 0x81000101). Error: (10/04/2015 05:26:34 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{c29f384d-252d-11de-b042-806e6f6e6963} - 000000000000013C,0x0053c008,00000000001D0100,0,00000000001A91A0,4096,[0])". hr = 0x80070079. Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Systemfehler: ============= Error: (10/05/2015 04:33:03 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CARDEA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1E696DDE-A347-4581-90D4-EB14D5935E09}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (10/05/2015 04:31:17 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CARDEA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1E696DDE-A347-4581-90D4-EB14D5935E09}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (10/05/2015 04:29:33 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CARDEA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1E696DDE-A347-4581-90D4-EB14D5935E09}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (10/05/2015 12:41:01 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CARDEA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1E696DDE-A347-4581-90D4-EB14D5935E09}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (10/05/2015 07:58:09 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CARDEA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1E696DDE-A347-4581-90D4-EB14D5935E09}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (10/05/2015 07:32:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (10/05/2015 07:32:42 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 Error: (10/05/2015 07:31:38 AM) (Source: Print) (EventID: 23) (User: NT-AUTORITÄT) Description: Der Drucker BoD easyPrint DE,0 konnte nicht initialisiert werden, da der Treiber "BoD Printer DE" nicht gefunden wurde. 
Die neuen Druckereinstellungen, die Sie angegeben haben, sind bislang wirkungslos geblieben. Installieren Sie den Druckertreiber neu. Möglicherweise müssen Sie sich mit dem Hersteller in Verbindung setzen, um einen aktualisierten Treiber zu erhalten. Error: (10/04/2015 11:04:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (10/04/2015 11:04:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 CodeIntegrity: =================================== Date: 2015-10-05 16:43:42.015 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-10-05 16:43:41.749 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-10-05 16:43:41.484 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-10-05 16:43:41.219 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-10-05 16:43:17.554 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-10-05 16:43:17.273 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-10-05 16:43:17.008 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-10-05 16:43:16.743 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-10-05 16:43:16.399 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-10-05 16:43:16.134 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 4093.27 MB
Verfügbarer physikalischer RAM: 1533.72 MB
Summe virtueller Speicher: 12496.65 MB
Verfügbarer virtueller Speicher: 9472.33 MB

==================== Laufwerke ================================

Drive c: (BOOT) (Fixed) (Total:911.5 GB) (Free:575.02 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:5.85 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=911.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
durchgeführt von Daniela und Roland (Administrator) auf DANIELAUNDRO-PC (05-10-2015 16:42:57)
Gestartet von C:\Users\Daniela und Roland\Downloads
Geladene Profile: Daniela und Roland (Verfügbare Profile: Daniela und Roland & UpdatusUser)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.)
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe (Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] () HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-01] () HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Run: [] => [X] HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Run: [Google Update] => C:\Users\Daniela und Roland\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.) HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1391616 2006-11-02] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [AutoLaunch] => C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2015-09-03] (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2015-09-03] (Kaspersky Lab ZAO) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) AutoConfigURL: [S-1-5-21-3433068400-1824330424-1932280774-1000] => https://tonnelrock.net/tonnel.js Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{1E696DDE-A347-4581-90D4-EB14D5935E09}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390 HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M20649E55-6B02-404A-A83C-4C675D9BF5AD&SearchSource=55&CUI=&UM=6&UP=SPE239E2F9-1F6E-466D-AA9D-4971867B8430&SSPV= 
HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390 SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390 SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390 SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=B4160022433AA3D1 SearchScopes: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> {6C517933-136C-68DA-9F8B-60855441A838} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=b416cc2e0000000000000022433aa3d1 SearchScopes: 
HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> {7F4EF142-8773-43BB-A817-B8DDE3140AC7} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-10] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-10] (Kaspersky Lab ZAO) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-10] (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-10] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-10] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-10] (Kaspersky Lab ZAO) BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll [2012-10-06] (Funmoods BHO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-02] (Oracle Corporation) 
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-10] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-02] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-10] (Kaspersky Lab ZAO) BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll [2009-11-08] (Microsoft Corporation) Toolbar: HKLM-x32 - Kein Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Keine Datei Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll [2012-10-06] (Funmoods) Toolbar: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-08-17] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> Kein Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Keine Datei DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab FireFox: ======== FF ProfilePath: C:\Users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\9mch73dn.default-1420982496311 FF NewTab: www.google.at FF Homepage: www.google.at FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] () FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program 
Files\VideoLAN\VLC\npvlc.dll [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] () FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-02] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( ) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3433068400-1824330424-1932280774-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.) FF Plugin HKU\S-1-5-21-3433068400-1824330424-1932280774-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.) FF Plugin HKU\S-1-5-21-3433068400-1824330424-1932280774-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Daniela und Roland\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012-09-16] (InfiniAd GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-02-03] (Apple Inc.) 
FF Extension: New Tab Homepage - C:\Users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\9mch73dn.default-1420982496311\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-10-04] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2015-10-02] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-10-02] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2015-10-02] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-10-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-10-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-10-02] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-09] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-05-11] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-05-11] FF HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\lnxv6hi8.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR HomePage: Default -> hxxp://www.google.at/ CHR StartupUrls: Default -> "hxxp://www.google.at/" CHR Profile: C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10] CHR Extension: (Google Docs) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-10] CHR Extension: (Google Drive) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-10] CHR Extension: (YouTube) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-10] CHR Extension: (Freemake Video Downloader) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-11-09] CHR Extension: (Adblock Plus) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-16] CHR Extension: (Google-Suche) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-10] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-09-16] CHR Extension: (Freemake Youtube Download Button) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-11-09] CHR Extension: (Google Tabellen) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-10] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02] CHR Extension: (Browser Companion Helper) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie [2014-11-09] CHR Extension: (Chrome Hotword Shared Module) - 
C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (No History) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-11-16] CHR Extension: (Kaspersky Protection) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-11-09] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09] CHR Extension: (Google Mail) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-10] CHR Extension: (Anti-Banner) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-09-16] CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\DANIEL~1\AppData\Local\funmoods.crx [2012-10-06] CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\DANIEL~1\AppData\Local\funmoods-speeddial_sf.crx [2012-10-06] CHR HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\DANIEL~1\AppData\Local\funmoods.crx [2012-10-06] CHR HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\DANIEL~1\AppData\Local\funmoods-speeddial_sf.crx [2012-10-06] CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\DANIEL~1\AppData\Local\funmoods.crx [2012-10-06] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-11] CHR 
HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\DANIEL~1\AppData\Local\funmoods-speeddial_sf.crx [2012-10-06]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2014-05-11]
CHR HKLM-x32\...\Chrome\Extension: [ibgfbdggapddbjjbopabhlhianklajie] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [2011-11-29]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [Datei ist nicht signiert]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-04-09] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-09-01] (Freemake) [Datei ist nicht signiert]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-09-01] (Ellora Assets Corp.) [Datei ist nicht signiert]
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [Datei ist nicht signiert]
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] ()
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-10] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [68640 2009-06-09] (Lavasoft AB)
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [Datei ist nicht signiert]
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
U3 DfSdkS; kein ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-05 16:42 - 2015-10-05 16:43 - 00030454 _____ C:\Users\Daniela und Roland\Downloads\FRST.txt
2015-10-05 16:42 - 2015-10-05 16:43 - 00000000 ____D C:\FRST
2015-10-05 16:41 - 2015-10-05 16:42 - 02193920 _____ (Farbar) C:\Users\Daniela und Roland\Downloads\FRST64.exe
2015-10-05 07:37 - 2015-10-05 10:26 - 00000000 ____D C:\mbar
2015-10-04 23:19 - 2015-10-04 23:19 - 00000000 ___DC C:\ProgramData\Malwarebytes
2015-10-04 23:18 - 2015-10-05 10:56 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-04 23:18 - 2015-10-05 10:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 23:18 - 2015-10-05 10:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-04 23:17 - 2015-10-05 00:05 - 00000000 ____D C:\Users\Daniela und Roland\Desktop\mbar
2015-10-04 23:17 - 2015-10-04 23:17 - 16563352 _____ (Malwarebytes Corp.)
C:\Users\Daniela und Roland\Downloads\mbar-1.09.3.1001.exe 2015-10-04 22:59 - 2015-10-04 22:59 - 00274544 _____ C:\Windows\Minidump\Mini100415-02.dmp 2015-10-04 17:48 - 2015-10-04 17:48 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-10-04 17:48 - 2015-10-04 17:48 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\LavasoftStatistics 2015-10-04 17:26 - 2015-10-04 17:26 - 00000000 ____D C:\Program Files\Lavasoft 2015-10-04 17:04 - 2015-10-04 17:04 - 00000000 ____D C:\Program Files\Common Files\Lavasoft 2015-10-04 16:44 - 2015-07-18 15:14 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-10-04 16:27 - 2015-10-04 16:27 - 02012464 _____ C:\Users\Daniela und 
Roland\Downloads\Adaware_Installer_11.8.exe 2015-10-04 16:02 - 2015-10-04 16:02 - 00347816 _____ (Microsoft Corporation) C:\Users\Daniela und Roland\Downloads\MicrosoftFixit.Devices.RNP.Run.exe 2015-10-04 11:11 - 2015-10-04 11:11 - 08997592 _____ C:\Users\Daniela und Roland\Downloads\USBDrivers_2311.exe 2015-10-04 10:31 - 2015-10-04 10:53 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\Garmin_Ltd._or_its_subsid 2015-10-04 00:50 - 2015-10-04 22:59 - 876145236 _____ C:\Windows\MEMORY.DMP 2015-10-04 00:50 - 2015-10-04 00:50 - 00274544 _____ C:\Windows\Minidump\Mini100415-01.dmp 2015-10-04 00:35 - 2015-10-04 00:35 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\dlg 2015-10-03 22:17 - 2015-10-03 22:17 - 00380416 _____ C:\Users\Daniela und Roland\Downloads\e73f19hl.exe 2015-10-03 22:16 - 2015-10-03 22:16 - 00520768 _____ C:\Users\Daniela und Roland\Downloads\e73f19hl_CB-DL-Manager.exe 2015-10-03 21:35 - 2015-10-03 21:35 - 00243872 _____ C:\Users\Daniela und Roland\Downloads\Firefox Setup Stub 41.0.1.exe 2015-10-02 22:49 - 2015-10-03 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-21 20:34 - 2015-09-21 20:34 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-09-12 09:38 - 2015-09-12 09:38 - 01271880 _____ (Ellora Assets Corporation ) C:\Users\Daniela und Roland\Downloads\FreemakeVideoDownloaderSetup(1).exe 2015-09-11 15:40 - 2015-09-11 15:40 - 00004718 _____ C:\Users\Daniela und Roland\Downloads\bod-logo-126-60.svg 2015-09-09 20:31 - 2015-07-10 16:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-09 20:31 - 2015-07-10 16:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-09 20:15 - 2015-09-02 23:26 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-09 20:15 - 2015-09-02 23:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-09 20:15 - 2015-09-02 23:26 - 01402368 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-09 20:15 - 2015-09-02 23:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-09 20:15 - 2015-08-13 16:36 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-09-09 20:15 - 2015-08-13 16:36 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2015-09-09 20:09 - 2015-09-02 23:26 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-09 20:09 - 2015-09-02 23:25 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-09 20:09 - 2015-09-02 22:17 - 02797056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-09 20:09 - 2015-09-02 22:16 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-09 20:09 - 2015-09-02 21:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-09 20:09 - 2015-08-05 17:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-09 08:08 - 2015-08-17 19:56 - 17890304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-09 08:08 - 2015-08-17 19:53 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-09 08:08 - 2015-08-17 19:49 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-09 08:08 - 2015-08-17 19:48 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-09 08:08 - 2015-08-17 19:47 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-09 08:08 - 2015-08-17 19:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-09 08:08 - 2015-08-17 19:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-09 08:08 - 2015-08-17 19:46 - 01494016 _____ (Microsoft Corporation) 
C:\Windows\system32\inetcpl.cpl 2015-09-09 08:08 - 2015-08-17 19:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-09 08:08 - 2015-08-17 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-09-09 08:08 - 2015-08-17 19:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-09-09 08:08 - 2015-08-17 19:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-09 08:08 - 2015-08-17 19:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-09 08:08 - 2015-08-17 19:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-09-09 08:08 - 2015-08-17 19:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-09 08:08 - 2015-08-17 19:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-09 
08:08 - 2015-08-17 19:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-09 08:08 - 2015-08-17 19:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-09 08:08 - 2015-08-17 19:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-09-09 08:08 - 2015-08-17 19:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-09-09 08:08 - 2015-08-17 19:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-09-09 08:08 - 2015-08-17 19:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner 
verschoben.) 2015-10-05 16:39 - 2012-08-28 23:35 - 00000000 ___DC C:\ProgramData\Kaspersky Lab 2015-10-05 16:34 - 2012-04-03 08:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-10-05 15:56 - 2012-09-16 20:22 - 00001172 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000UA.job 2015-10-05 15:29 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-05 15:29 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-05 12:36 - 2008-01-21 03:53 - 01324091 _____ C:\Windows\WindowsUpdate.log 2015-10-05 07:36 - 2008-01-21 13:10 - 01567488 _____ C:\Windows\system32\PerfStringBackup.INI 2015-10-05 07:36 - 2008-01-21 13:09 - 00674024 _____ C:\Windows\system32\perfh007.dat 2015-10-05 07:36 - 2008-01-21 13:09 - 00146036 _____ C:\Windows\system32\perfc007.dat 2015-10-05 07:34 - 2013-02-12 00:51 - 00000436 _____ C:\Windows\Tasks\Final Media Player Update Checker.job 2015-10-05 07:34 - 2009-04-09 20:32 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\WTablet 2015-10-05 07:29 - 2009-07-26 10:34 - 00000000 ___DC C:\ProgramData\NVIDIA 2015-10-05 07:29 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-05 00:06 - 2006-11-02 17:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-10-04 23:53 - 2013-02-12 00:51 - 00000000 ____D C:\Program Files (x86)\File Type Assistant 2015-10-04 22:59 - 2015-07-01 10:42 - 00000000 ____D C:\Windows\Minidump 2015-10-04 19:56 - 2012-09-16 20:22 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000Core.job 2015-10-04 19:03 - 2009-04-09 22:06 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\Lavasoft 2015-10-04 16:27 - 2009-06-09 20:12 - 00000000 ___DC C:\ProgramData\Lavasoft 2015-10-04 11:53 - 2009-04-09 19:52 - 00000000 ____D 
C:\Users\Daniela und Roland 2015-10-04 10:52 - 2014-09-21 20:29 - 00000000 ___DC C:\ProgramData\Package Cache 2015-10-04 10:31 - 2012-07-07 20:14 - 00000000 ___DC C:\ProgramData\Garmin 2015-10-04 10:31 - 2012-06-19 10:24 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-10-04 10:31 - 2009-11-13 21:08 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-10-04 10:30 - 2014-09-21 20:30 - 00003552 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2015-10-04 00:50 - 2015-07-05 10:30 - 00002750 _____ C:\Windows\PFRO.log 2015-10-04 00:50 - 2013-04-29 23:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-10-03 21:40 - 2013-04-29 23:54 - 00000904 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-10-02 17:46 - 2009-04-09 21:51 - 00000442 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2015-09-27 19:28 - 2012-09-14 17:57 - 00000000 ____D C:\Users\Daniela und Roland\2) Rolands Eigene Ordner 2015-09-25 13:44 - 2015-07-01 15:20 - 00004502 _____ C:\Windows\setupact.log 2015-09-21 20:34 - 2012-04-03 08:44 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-09-21 20:34 - 2012-04-03 08:44 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-09-21 20:34 - 2011-05-17 10:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-19 11:10 - 2009-04-10 21:17 - 00002659 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk 2015-09-18 19:51 - 2012-09-16 20:22 - 00004172 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000UA 2015-09-18 19:51 - 2012-09-16 20:22 - 00003776 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000Core 2015-09-16 14:50 - 2009-04-10 21:17 - 00002695 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk 2015-09-15 14:39 - 2009-06-06 20:09 - 
00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\Google 2015-09-12 10:21 - 2015-04-04 23:45 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\CrashDumps 2015-09-12 09:41 - 2014-05-11 12:17 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2015-09-10 09:16 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache 2015-09-10 08:59 - 2015-03-24 12:00 - 00422824 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-09 22:35 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-09 22:35 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-09 20:30 - 2013-08-15 09:59 - 00000000 ____D C:\Windows\system32\MRT 2015-09-05 20:39 - 2012-08-08 10:40 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\Paint.NET ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2009-05-23 18:59 - 2009-05-23 18:59 - 0031728 _____ () C:\Program Files\AidaSerif.ttf 2009-05-23 18:58 - 2009-05-23 18:58 - 0031004 _____ () C:\Program Files\AidaSerifBold.ttf 2009-05-10 20:33 - 2009-05-10 20:33 - 0061776 _____ () C:\Program Files\FORTE.ttf 2013-03-10 17:18 - 2013-03-10 17:18 - 0000071 _____ () C:\Users\Daniela und Roland\AppData\Roaming\Camdata.ini 2013-03-10 17:18 - 2013-03-10 17:18 - 0000408 _____ () C:\Users\Daniela und Roland\AppData\Roaming\CamLayout.ini 2013-03-10 17:18 - 2013-03-10 17:18 - 0000408 _____ () C:\Users\Daniela und Roland\AppData\Roaming\CamShapes.ini 2013-03-10 17:18 - 2013-03-10 17:18 - 0004416 _____ () C:\Users\Daniela und Roland\AppData\Roaming\CamStudio.cfg 2009-04-11 11:14 - 2011-08-14 21:03 - 0031858 _____ () C:\Users\Daniela und Roland\AppData\Roaming\UserTile.png 2010-04-19 18:46 - 2011-04-27 08:01 - 0000580 ____C () C:\Users\Daniela und Roland\AppData\Local\45D86D82.il 2009-05-10 17:40 - 2009-05-10 17:40 - 0000552 ____C () C:\Users\Daniela und Roland\AppData\Local\d3d8caps.dat 2009-07-25 19:15 - 2012-04-15 12:16 - 0000680 ____C () C:\Users\Daniela und 
Roland\AppData\Local\d3d9caps.dat 2009-04-09 19:52 - 2010-08-01 11:36 - 0000732 ____C () C:\Users\Daniela und Roland\AppData\Local\d3d9caps64.dat 2009-04-09 21:23 - 2015-04-29 11:07 - 0240128 _____ () C:\Users\Daniela und Roland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-11-14 18:46 - 2011-11-14 18:46 - 0373176 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistMSI3C32.txt 2010-08-24 18:23 - 2010-08-24 18:23 - 0423558 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistMSI3D0C.txt 2011-11-14 18:46 - 2011-11-14 18:46 - 0012328 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistUI3C32.txt 2010-08-24 18:23 - 2010-08-24 18:23 - 0011472 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistUI3D0C.txt 2009-06-20 20:50 - 2009-06-20 20:50 - 0000545 ____C () C:\Users\Daniela und Roland\AppData\Local\DrCoverRenderingSettings.cfg 2012-10-06 19:21 - 2012-10-06 19:21 - 0290500 ____C () C:\Users\Daniela und Roland\AppData\Local\funmoods-speeddial_sf.crx 2012-10-06 19:21 - 2012-10-06 19:21 - 0031465 ____C () C:\Users\Daniela und Roland\AppData\Local\funmoods.crx 2011-07-26 20:17 - 2011-07-26 20:17 - 0000275 ____C () C:\Users\Daniela und Roland\AppData\Local\HamsterVideoConverterSettings.cfg 2010-04-19 18:46 - 2011-04-27 08:01 - 0000280 ____C () C:\Users\Daniela und Roland\AppData\Local\IndexIE_45D86D82.il 2014-07-12 17:21 - 2014-07-12 17:38 - 111684871 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #1.mp3 2014-07-12 17:11 - 2014-07-12 17:12 - 188888559 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #1.mp4 2014-07-12 17:38 - 2014-07-12 17:48 - 81285319 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #2.mp3 2014-07-12 17:12 - 2014-07-12 17:15 - 472108016 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #2.mp4 2012-05-08 23:27 - 
2012-05-08 23:27 - 0017408 ____C () C:\Users\Daniela und Roland\AppData\Local\WebpageIcons.db 2013-09-15 17:34 - 2013-09-15 17:34 - 0000057 ____C () C:\ProgramData\Ament.ini 2009-04-18 17:50 - 2009-05-21 20:27 - 0000088 _RSHC () C:\ProgramData\C4CB9AD0B0.sys 2011-08-04 17:18 - 2011-08-04 18:34 - 0000386 ____C () C:\ProgramData\DriverTool.log 2009-04-09 21:28 - 2015-04-04 15:18 - 0003402 ___SH () C:\ProgramData\KGyGaAvL.sys 2009-07-26 10:34 - 2012-03-06 19:29 - 0142890 ____C () C:\ProgramData\nvModes.001 2009-07-26 10:34 - 2012-03-06 19:29 - 0142890 ____C () C:\ProgramData\nvModes.dat Einige Dateien in TEMP: ==================== C:\Users\Daniela und Roland\AppData\Local\Temp\NEventMessages.dll C:\Users\Daniela und Roland\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-10-05 07:40 ==================== Ende von FRST.txt 
============================ ] |
06.10.2015, 17:14 | #5 |
/// the machine /// TB trainer | Redirect to fake pages
Here is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.10.2015, 07:14 | #6 |
| Combofix - result Hello Schrauber, here is the Combofix result, everything went smoothly so far: Regards, Kelvin Code:
ATTFilter ComboFix 15-10-06.01 - Daniela und Roland 07.10.2015 22:11:11.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4093.1641 [GMT 2:00] ausgeführt von:: c:\users\Daniela und Roland\Desktop\ComboFix.exe AV: Ad-Aware Antivirus *Disabled/Outdated* {B0CC18C6-E527-6EE6-874C-9D19920E5619} AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162} FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Ad-Aware Antivirus *Disabled/Outdated* {0BADF922-C31D-6168-BDFC-A66BE9891CA4} SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\BrowserCompanion c:\program files (x86)\BrowserCompanion\BCHelper.exe c:\program files (x86)\BrowserCompanion\blabbers-ch.crx c:\program files (x86)\BrowserCompanion\logo.ico c:\program files (x86)\Funmoods c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll c:\program files (x86)\Funmoods\1.5.23.22\escortApp.dll c:\program files (x86)\Funmoods\1.5.23.22\escortEng.dll c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico c:\program files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe c:\program files (x86)\Funmoods\1.5.23.22\Sqlite3.dll c:\program files (x86)\Funmoods\1.5.23.22\uninst.dat c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe c:\programdata\C4CB9AD0B0.sys c:\users\Daniela und Roland\AppData\Roaming\convert\convert.exe c:\windows\IsUn0407.exe c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf . . 
((((((((((((((((((((((( Dateien erstellt von 2015-09-07 bis 2015-10-07 )))))))))))))))))))))))))))))) . . 2015-10-07 20:27 . 2015-10-07 21:40 -------- dc----w- c:\users\Daniela und Roland\AppData\Local\temp 2015-10-07 20:27 . 2015-10-07 20:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2015-10-07 20:27 . 2015-10-07 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-10-07 19:45 . 2015-10-07 19:45 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-10-05 14:42 . 2015-10-05 14:44 -------- d-----w- C:\FRST 2015-10-05 05:37 . 2015-10-05 08:26 -------- d-----w- C:\mbar 2015-10-04 21:19 . 2015-10-04 21:19 -------- dc----w- c:\programdata\Malwarebytes 2015-10-04 21:18 . 2015-10-05 08:56 -------- dc----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-10-04 21:18 . 2015-10-05 08:27 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-10-04 21:18 . 2015-10-05 08:27 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-10-04 15:48 . 2015-10-04 15:48 -------- d-----w- c:\users\Daniela und Roland\AppData\Roaming\LavasoftStatistics 2015-10-04 15:26 . 2015-10-04 15:26 -------- d-----w- c:\program files\Lavasoft 2015-10-04 15:04 . 2015-10-04 15:04 -------- d-----w- c:\program files\Common Files\Lavasoft 2015-10-04 08:31 . 2015-10-04 08:53 -------- dc----w- c:\users\Daniela und Roland\AppData\Local\Garmin_Ltd._or_its_subsid 2015-10-03 22:35 . 2015-10-03 22:35 -------- d-----w- c:\users\Daniela und Roland\AppData\Roaming\dlg 2015-09-21 18:34 . 2015-09-21 18:34 18819272 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2015-09-12 07:41 . 2015-09-12 07:41 -------- d-----w- c:\program files (x86)\Common Files\Freemake Shared 2015-09-09 18:31 . 2015-07-10 14:31 2048 ----a-w- c:\windows\system32\tzres.dll 2015-09-09 18:31 . 2015-07-10 14:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2015-09-09 18:30 . 
2015-08-05 15:58 940032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2015-09-09 18:30 . 2015-08-05 15:42 1823232 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2015-09-09 18:30 . 2015-08-05 15:42 1506816 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2015-09-09 18:30 . 2015-08-05 15:42 1482752 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2015-09-09 18:30 . 2015-08-05 15:42 1455104 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2015-09-09 18:30 . 2015-08-05 14:42 2294784 ----a-w- c:\program files\Windows Journal\Journal.exe 2015-09-09 18:15 . 2015-08-13 14:36 450560 ----a-w- c:\windows\system32\drivers\srv.sys 2015-09-09 18:15 . 2015-08-13 14:36 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys 2015-09-09 18:15 . 2015-09-02 21:26 1402368 ----a-w- c:\windows\SysWow64\msxml6.dll 2015-09-09 18:15 . 2015-09-02 21:26 1253376 ----a-w- c:\windows\SysWow64\msxml3.dll 2015-09-09 18:15 . 2015-09-02 21:26 1796096 ----a-w- c:\windows\system32\msxml6.dll 2015-09-09 18:15 . 2015-09-02 21:26 1875968 ----a-w- c:\windows\system32\msxml3.dll 2015-09-09 18:09 . 2015-08-05 15:43 855552 ----a-w- c:\windows\system32\schedsvc.dll 2015-09-09 18:09 . 2015-09-02 21:26 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-09-09 18:09 . 2015-09-02 21:25 48128 ----a-w- c:\windows\system32\atmlib.dll 2015-09-09 18:09 . 2015-09-02 20:17 2797056 ----a-w- c:\windows\system32\win32k.sys 2015-09-09 18:09 . 2015-09-02 20:16 372736 ----a-w- c:\windows\system32\atmfd.dll 2015-09-09 18:09 . 2015-09-02 19:54 297472 ----a-w- c:\windows\SysWow64\atmfd.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-09-21 18:34 . 2012-04-03 06:44 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-09-21 18:34 . 2011-05-17 08:08 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-09-02 13:39 . 
2012-12-08 14:15 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-08-26 16:37 . 2006-11-02 12:35 134753440 ----a-w- c:\windows\system32\mrt.exe 2015-08-04 22:03 . 2015-08-04 22:03 877152 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2015-08-04 22:03 . 2015-08-04 22:03 538208 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll 2015-08-04 21:53 . 2015-08-04 21:53 872528 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-08-04 21:53 . 2015-08-04 21:53 681552 ----a-w- c:\windows\system32\msvcp120_clr0400.dll 2015-07-31 21:46 . 2015-08-12 07:45 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2015-07-31 21:46 . 2015-08-12 07:45 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll 2015-07-31 21:46 . 2015-08-12 07:45 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2015-07-31 21:46 . 2015-08-12 07:45 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll 2015-07-31 21:44 . 2015-08-12 07:45 287232 ----a-w- c:\windows\system32\d3d10core.dll 2015-07-31 21:44 . 2015-08-12 07:45 327680 ----a-w- c:\windows\system32\d3d10_1core.dll 2015-07-31 21:44 . 2015-08-12 07:45 196096 ----a-w- c:\windows\system32\d3d10_1.dll 2015-07-31 21:44 . 2015-08-12 07:45 1268224 ----a-w- c:\windows\system32\d3d10.dll 2015-07-31 21:10 . 2015-08-12 07:45 2002944 ----a-w- c:\windows\system32\d3d10warp.dll 2015-07-31 21:09 . 2015-08-12 07:45 566272 ----a-w- c:\windows\system32\d3d10level9.dll 2015-07-31 21:00 . 2015-08-12 07:45 834048 ----a-w- c:\windows\system32\d2d1.dll 2015-07-31 20:59 . 2015-08-12 07:45 1561088 ----a-w- c:\windows\system32\DWrite.dll 2015-07-31 20:59 . 2015-08-12 07:45 1154560 ----a-w- c:\windows\system32\FntCache.dll 2015-07-31 20:41 . 2015-08-12 07:45 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2015-07-31 20:40 . 2015-08-12 07:45 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2015-07-31 20:35 . 2015-08-12 07:45 682496 ----a-w- c:\windows\SysWow64\d2d1.dll 2015-07-31 20:33 . 
2015-08-12 07:45 1072640 ----a-w- c:\windows\SysWow64\DWrite.dll 2015-07-31 20:03 . 2015-08-12 08:05 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-07-31 19:27 . 2015-08-12 08:05 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-07-21 20:59 . 2015-08-12 07:59 1586304 ----a-w- c:\windows\system32\ntdll.dll 2015-07-21 20:59 . 2015-08-12 07:59 1168600 ----a-w- c:\windows\SysWow64\ntdll.dll 2015-07-21 15:50 . 2015-08-12 07:59 68544 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-07-21 15:50 . 2015-08-12 07:59 4690880 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-07-21 15:50 . 2015-08-12 07:59 154048 ----a-w- c:\windows\system32\drivers\ecache.sys 2015-07-21 15:41 . 2015-08-12 07:59 11264 ----a-w- c:\windows\system32\msmmsp.dll 2015-07-21 15:40 . 2015-08-12 07:59 399360 ----a-w- c:\windows\system32\emdmgmt.dll 2015-07-21 15:40 . 2015-08-12 07:59 85504 ----a-w- c:\windows\system32\csrsrv.dll 2015-07-18 15:41 . 2015-08-12 08:03 80384 ----a-w- c:\windows\system32\basesrv.dll 2015-07-11 17:13 . 2015-08-12 08:04 12901888 ----a-w- c:\windows\system32\shell32.dll 2015-07-10 19:37 . 2015-08-12 08:05 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll 2015-07-10 19:35 . 2015-08-12 08:05 2425344 ----a-w- c:\windows\system32\mstscax.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}] 2009-11-08 08:55 297808 ----a-w- c:\windows\System32\mscoree.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2015-09-03 09:07 457504 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-09-11 1403192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-11 356128] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552] "ProductUpdater"="c:\program files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe" [2015-09-01 74752] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Browser companion helper"="c:\program files (x86)\BrowserCompanion\BCHelper.exe" /T=3 /CHI=ibgfbdggapddbjjbopabhlhianklajie "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2015-10-02 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files (x86)\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 18:08] . 2015-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:34] . 2015-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000Core.job - c:\users\Daniela und Roland\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 17:44] . 2015-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000UA.job - c:\users\Daniela und Roland\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 17:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2015-09-03 09:08 489760 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe" [2015-08-27 9558752] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M20649E55-6B02-404A-A83C-4C675D9BF5AD&SearchSource=55&CUI=&UM=6&UP=SPE239E2F9-1F6E-466D-AA9D-4971867B8430&SSPV= mStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB FF - ProfilePath - c:\users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\9mch73dn.default-1420982496311\ FF - prefs.js: browser.startup.homepage - www.google.at . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKU-Default-RunOnce-AutoLaunch - c:\program files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-BsScanner AddRemove-funmoods - c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe AddRemove-KnockOut 2 - c:\windows\IsUn0407.exe AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files (x86)\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE} AddRemove-2725311078.plan4youeasy.haude.at - c:\program files (x86)\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\bgsvcgen.exe c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files (x86)\CDBurnerXP\NMSAccessU.exe c:\windows\SysWOW64\PSIService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\windows\SysWOW64\conime.exe c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-10-07 23:50:51 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-10-07 21:50 . Vor Suchlauf: 18 Verzeichnis(se), 611.769.057.280 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 611.800.625.152 Bytes frei . - - End Of File - - DCD5B58E2C1D2D6EC3DD10A0C1BF9806 5C616939100B85E558DA92B899A0FC36
The fake pages are gone, I can open all pages normally again! But does that already mean the trojan is gone ...? As instructed, I removed two programs ===> the marked ones, and then let ComboFix run through. Curious to hear what you say :-) Best regards, Kelvin |
08.10.2015, 19:25 | #7 |
/// the machine /// TB trainer | Redirect to fake pages No, we still have work to do. Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
09.10.2015, 22:28 | #8 |
| Redirect to fake pages FRST log: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015 durchgeführt von Daniela und Roland (Administrator) auf DANIELAUNDRO-PC (09-10-2015 23:19:42) Gestartet von C:\Users\Daniela und Roland\Downloads Geladene Profile: Daniela und Roland (Verfügbare Profile: Daniela und Roland & UpdatusUser) Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 9 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft 
Corporation) C:\Windows\SysWOW64\conime.exe (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-01] () HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1391616 2006-11-02] (Microsoft Corporation) ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2015-09-03] (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2015-09-03] (Kaspersky Lab ZAO) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{1E696DDE-A347-4581-90D4-EB14D5935E09}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-10] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-10] (Kaspersky Lab ZAO) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-10] (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll 
[2014-05-10] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-10] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-10] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-02] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-10] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-02] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-10] (Kaspersky Lab ZAO) Toolbar: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-08-17] (Microsoft Corporation) DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab FireFox: ======== FF ProfilePath: C:\Users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\9mch73dn.default-1420982496311 FF NewTab: www.google.at FF Homepage: www.google.at FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] () FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] () FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-02] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( ) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3433068400-1824330424-1932280774-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.) FF Plugin HKU\S-1-5-21-3433068400-1824330424-1932280774-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.) FF Plugin HKU\S-1-5-21-3433068400-1824330424-1932280774-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Daniela und Roland\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-02-03] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-02-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-02-03] (Apple Inc.) FF Extension: New Tab Homepage - C:\Users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\9mch73dn.default-1420982496311\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-10-04] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2015-10-02] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-10-02] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2015-10-02] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-10-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-10-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-10-02] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-09] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-05-11] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video 
Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-05-11] FF HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\lnxv6hi8.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR HomePage: Default -> hxxp://www.google.at/ CHR StartupUrls: Default -> "hxxp://www.google.at/" CHR Profile: C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10] CHR Extension: (Google Docs) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-10] CHR Extension: (Google Drive) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-10] CHR Extension: (YouTube) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-10] CHR Extension: (Freemake Video Downloader) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-11-09] CHR Extension: (Adblock Plus) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-16] CHR Extension: (Google-Suche) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-10] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-09-16] CHR Extension: (Google Tabellen) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap 
[2015-06-10] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (No History) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-11-16] CHR Extension: (Kaspersky Protection) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-11-09] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09] CHR Extension: (Google Mail) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-10] CHR Extension: (Anti-Banner) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-09-16] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-11] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <kein Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11] StartMenuInternet: Google 
Chrome.IZLNHVAYFLJSMXW3USTZBJVMAM - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] () R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project) [Datei ist nicht signiert] S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project) [Datei ist nicht signiert] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [Datei ist nicht signiert] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-04-09] (Macrovision Europe Ltd.) [Datei ist nicht signiert] S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-09-01] (Freemake) [Datei ist nicht signiert] S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-09-01] (Ellora Assets Corp.) [Datei ist nicht signiert] S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. 
or its subsidiaries) S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [Datei ist nicht signiert] S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] () S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] () S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; kein ImagePath
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-10] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [68640 2009-06-09] (Lavasoft AB)
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [Datei ist nicht signiert]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 DfSdkS; kein ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-09 23:19 - 2015-10-09 23:19 - 00000000 ____D C:\Users\Daniela und Roland\Downloads\FRST-OlderVersion
2015-10-09 15:59 - 2015-10-09 15:59 - 00003195 _____ C:\Users\Daniela und Roland\Desktop\JRT.txt
2015-10-09 15:26 - 2015-10-09 15:39 - 00000000 ____D C:\AdwCleaner
2015-10-09 15:23 - 2015-10-09 15:23 - 01682432 ____C C:\Users\Daniela und Roland\Desktop\adwcleaner_5.013.exe
2015-10-09 15:21 - 2015-10-09 15:21 - 00036780 _____ C:\Users\Daniela und Roland\Desktop\mbam.txt
2015-10-09 12:03 - 2015-10-09 12:25 - 00000939 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-09 12:03 - 2015-10-09 12:03 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-10-09 12:03 - 2015-10-09 12:03 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-10-09 12:03 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-09 12:03 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-09 11:33 - 2015-10-09 11:34 - 00172995 ____C C:\Users\Daniela und Roland\Downloads\1441065600000265838.zip
2015-10-08 22:25 - 2015-10-08 22:25 - 01798976 ____C (Malwarebytes) C:\Users\Daniela und Roland\Desktop\JRT.exe
2015-10-08 22:24 - 2015-10-08 22:24 - 24345872 ____C (Malwarebytes Corporation ) C:\Users\Daniela und Roland\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-07 23:50 - 2015-10-07 23:50 - 00021870 _____ C:\ComboFix.txt
2015-10-07 22:08 - 2015-10-07 23:51 - 00000000 ____D C:\ComboFix
2015-10-07 22:08 - 2015-10-07 23:50 - 00000000 ____D C:\Qoobox
2015-10-07 22:08 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-07 22:08 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-07 22:08 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-07 22:07 - 2015-10-07 23:44 - 00000000 ____D C:\Windows\erdnt
2015-10-07 21:59 - 2015-10-07 21:59 - 05635766 ____R (Swearware) C:\Users\Daniela und Roland\Desktop\ComboFix.exe
2015-10-07 21:45 - 2015-10-09 12:24 - 00001103 _____ C:\Users\Daniela und Roland\Desktop\Revo Uninstaller.lnk
2015-10-07 21:45 - 2015-10-07 21:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-07 21:44 - 2015-10-07 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Daniela und Roland\Downloads\revosetup95.exe
2015-10-05 16:43 - 2015-10-05 16:44 - 00054201 _____ C:\Users\Daniela und Roland\Downloads\Addition.txt
2015-10-05 16:42 - 2015-10-09 23:19 - 00024130 _____ C:\Users\Daniela und Roland\Downloads\FRST.txt
2015-10-05 16:42 - 2015-10-09 23:19 - 00000000 ____D C:\FRST
2015-10-05 16:41 - 2015-10-09 23:19 - 02194944 _____ (Farbar) C:\Users\Daniela und Roland\Downloads\FRST64.exe
2015-10-05 07:37 - 2015-10-05 10:26 - 00000000 ____D C:\mbar
2015-10-04 23:19 - 2015-10-09 12:03 - 00000000 ___DC C:\ProgramData\Malwarebytes
2015-10-04 23:18 - 2015-10-09 15:45 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 23:18 - 2015-10-05 10:56 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-04 23:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-04 23:17 - 2015-10-04 23:17 - 16563352 _____ (Malwarebytes Corp.) 
C:\Users\Daniela und Roland\Downloads\mbar-1.09.3.1001.exe 2015-10-04 22:59 - 2015-10-04 22:59 - 00274544 _____ C:\Windows\Minidump\Mini100415-02.dmp 2015-10-04 16:44 - 2015-07-18 15:14 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00015712 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-10-04 16:44 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-10-04 16:27 - 2015-10-04 16:27 - 02012464 _____ C:\Users\Daniela und Roland\Downloads\Adaware_Installer_11.8.exe 2015-10-04 16:02 - 2015-10-04 16:02 - 00347816 _____ (Microsoft Corporation) C:\Users\Daniela und Roland\Downloads\MicrosoftFixit.Devices.RNP.Run.exe 2015-10-04 11:11 - 2015-10-04 11:11 - 08997592 _____ C:\Users\Daniela und Roland\Downloads\USBDrivers_2311.exe 2015-10-04 10:31 - 2015-10-04 10:53 - 00000000 ___DC C:\Users\Daniela und 
Roland\AppData\Local\Garmin_Ltd._or_its_subsid 2015-10-04 00:50 - 2015-10-04 22:59 - 876145236 _____ C:\Windows\MEMORY.DMP 2015-10-04 00:50 - 2015-10-04 00:50 - 00274544 _____ C:\Windows\Minidump\Mini100415-01.dmp 2015-10-04 00:35 - 2015-10-04 00:35 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\dlg 2015-10-03 22:17 - 2015-10-03 22:17 - 00380416 _____ C:\Users\Daniela und Roland\Downloads\e73f19hl.exe 2015-10-03 22:16 - 2015-10-03 22:16 - 00520768 _____ C:\Users\Daniela und Roland\Downloads\e73f19hl_CB-DL-Manager.exe 2015-10-03 21:35 - 2015-10-03 21:35 - 00243872 _____ C:\Users\Daniela und Roland\Downloads\Firefox Setup Stub 41.0.1.exe 2015-10-02 22:49 - 2015-10-03 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-21 20:34 - 2015-09-21 20:34 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-09-11 15:40 - 2015-09-11 15:40 - 00004718 _____ C:\Users\Daniela und Roland\Downloads\bod-logo-126-60.svg 2015-09-09 20:31 - 2015-07-10 16:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-09 20:31 - 2015-07-10 16:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-09 20:15 - 2015-09-02 23:26 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-09 20:15 - 2015-09-02 23:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-09 20:15 - 2015-09-02 23:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-09 20:15 - 2015-09-02 23:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-09 20:15 - 2015-08-13 16:36 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-09-09 20:15 - 2015-08-13 16:36 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2015-09-09 20:09 - 2015-09-02 23:26 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-09 20:09 - 2015-09-02 23:25 
- 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-09 20:09 - 2015-09-02 22:17 - 02797056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-09 20:09 - 2015-09-02 22:16 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-09 20:09 - 2015-09-02 21:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-09 20:09 - 2015-08-05 17:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-09 08:08 - 2015-08-17 19:56 - 17890304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-09 08:08 - 2015-08-17 19:53 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-09 08:08 - 2015-08-17 19:49 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-09 08:08 - 2015-08-17 19:48 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-09 08:08 - 2015-08-17 19:47 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-09 08:08 - 2015-08-17 19:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-09 08:08 - 2015-08-17 19:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-09 08:08 - 2015-08-17 19:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-09 08:08 - 2015-08-17 19:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00282112 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtrans.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-09 08:08 - 2015-08-17 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-09-09 08:08 - 2015-08-17 19:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-09-09 08:08 - 2015-08-17 19:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-09-09 08:08 - 2015-08-17 19:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-09 08:08 - 2015-08-17 19:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-09 08:08 - 2015-08-17 19:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-09-09 08:08 - 2015-08-17 19:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-09 08:08 - 2015-08-17 19:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-09 08:08 - 2015-08-17 19:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-09 08:08 - 2015-08-17 19:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-09 08:08 - 2015-08-17 19:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-09 08:08 - 2015-08-17 19:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 
2015-09-09 08:08 - 2015-08-17 19:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 08:08 - 2015-08-17 19:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 08:08 - 2015-08-17 19:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-09-09 08:08 - 2015-08-17 19:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 08:08 - 2015-08-17 19:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 08:08 - 2015-08-17 19:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 08:08 - 2015-08-17 19:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 08:08 - 2015-08-17 19:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 08:08 - 2015-08-17 19:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-09-09 08:08 - 2015-08-17 19:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-09-09 08:08 - 2015-08-17 19:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-09-09 08:08 - 2015-08-17 19:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-09 22:56 - 2012-09-16 20:22 - 00001172 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000UA.job
2015-10-09 22:39 - 2012-08-28 23:35 - 00000000 ___DC C:\ProgramData\Kaspersky Lab
2015-10-09 22:34 - 2012-04-03 08:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-09 21:57 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 21:57 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 19:56 - 2012-09-16 20:22 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000Core.job
2015-10-09 18:31 - 2009-04-10 21:17 - 00002659 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2015-10-09 18:02 - 2009-04-09 21:51 - 00000442 _____ C:\Windows\Tasks\1-Klick-Wartung.job
2015-10-09 18:01 - 2008-01-21 03:53 - 01401426 _____ C:\Windows\WindowsUpdate.log
2015-10-09 17:16 - 2009-06-28 15:17 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KnockOut 2
2015-10-09 15:50 - 2008-01-21 13:10 - 01567488 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-09 15:50 - 2008-01-21 13:09 - 00674024 _____ C:\Windows\system32\perfh007.dat
2015-10-09 15:50 - 2008-01-21 13:09 - 00146036 _____ C:\Windows\system32\perfc007.dat
2015-10-09 15:45 - 2009-04-09 20:32 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\WTablet
2015-10-09 15:43 - 2015-07-05 10:30 - 00008112 _____ C:\Windows\PFRO.log
2015-10-09 15:43 - 2009-07-26 10:34 - 00000000 ___DC C:\ProgramData\NVIDIA
2015-10-09 15:43 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 15:40 - 2006-11-02 17:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-09 12:25 - 2014-11-28 14:21 - 00000908 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Christmas Market.lnk
2015-10-09 12:25 - 2014-03-08 20:43 - 00002118 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Coach.lnk
2015-10-09 12:25 - 2013-11-07 14:05 - 00000998 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Edwardian Advent Calendar.lnk
2015-10-09 12:25 - 2013-04-29 23:54 - 00000904 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-09 12:25 - 2012-12-08 16:21 - 00002425 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-10-09 12:25 - 2012-11-10 20:37 - 00000968 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Alpine Advent Calendar.lnk
2015-10-09 12:25 - 2012-10-06 19:42 - 00000894 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2015-10-09 12:25 - 2012-08-08 10:41 - 00001006 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-10-09 12:25 - 2011-11-19 22:06 - 00001088 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jacquie Lawson London Advent Calendar.lnk
2015-10-09 12:25 - 2009-10-01 22:01 - 00002503 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-09 12:25 - 2009-07-26 10:19 - 00001245 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2015-10-09 12:25 - 2009-04-10 21:17 - 00002759 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2015-10-09 12:25 - 2009-04-10 21:17 - 00002699 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2015-10-09 12:25 - 2009-04-10 21:17 - 00002687 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2015-10-09 12:25 - 2009-04-09 21:51 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007.lnk
2015-10-09 12:25 - 2009-04-09 21:32 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter Photo Essentials 4.lnk
2015-10-09 12:25 - 2009-04-09 20:40 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 6.0.lnk
2015-10-09 12:25 - 2009-04-09 20:30 - 00001772 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Journal.lnk
2015-10-09 12:25 - 2009-04-09 20:30 - 00001638 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes.lnk
2015-10-09 12:25 - 2009-04-09 19:47 - 00000604 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
2015-10-09 12:25 - 2006-11-02 17:36 - 00001852 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
2015-10-09 12:25 - 2006-11-02 17:36 - 00001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-09 12:25 - 2006-11-02 17:36 - 00001770 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
2015-10-09 12:25 - 2006-11-02 17:35 - 00001757 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
2015-10-09 12:25 - 2006-11-02 17:34 - 00001950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
2015-10-09 12:25 - 2006-11-02 17:34 - 00001768 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
2015-10-09 12:25 - 2006-11-02 17:28 - 00001743 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
2015-10-09 12:25 - 2003-05-17 21:38 - 00002671 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2015-10-09 12:25 - 2003-05-17 21:38 - 00002629 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2015-10-09 12:24 - 2012-07-28 22:36 - 00002001 _____ C:\Users\Daniela und Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plan4You Easy.lnk
2015-10-09 12:24 - 2010-05-30 12:53 - 00001179 _____ C:\Users\Daniela und Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Program Updates.lnk
2015-10-09 12:24 - 2009-08-21 17:17 - 00000919 _____ C:\Users\Daniela und Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-10-09 12:24 - 2009-04-10 21:17 - 00002597 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk
2015-10-09 12:24 - 2009-04-10 21:17 - 00002593 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk
2015-10-09 12:24 - 2009-04-09 19:53 - 00000954 _____ C:\Users\Daniela und Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-09 12:24 - 2006-11-02 17:36 - 00001613 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-09 12:24 - 2006-11-02 17:25 - 00001641 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-07 23:51 - 2007-04-03 19:10 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\Apps\2.0
2015-10-07 23:50 - 2009-04-10 18:59 - 00000000 ____D C:\Users\Roland.9193PHJUJKSUS6L
2015-10-07 23:50 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2015-10-07 23:50 - 2005-04-02 20:31 - 00000000 ___DC C:\Users\ROLAND~1~919
2015-10-07 23:49 - 2015-04-04 23:45 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\CrashDumps
2015-10-07 23:39 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2015-10-07 22:36 - 2006-11-02 14:33 - 89915392 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-10-07 22:36 - 2006-11-02 14:33 - 73924608 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-10-07 22:36 - 2006-11-02 14:33 - 100663296 _____ C:\Windows\system32\config\SYSTEM.bak
2015-10-07 22:36 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-10-07 22:36 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-10-07 22:36 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2015-10-07 22:27 - 2012-09-16 16:03 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\convert
2015-10-04 22:59 - 2015-07-01 10:42 - 00000000 ____D C:\Windows\Minidump
2015-10-04 16:27 - 2009-06-09 20:12 - 00000000 ___DC C:\ProgramData\Lavasoft
2015-10-04 11:53 - 2009-04-09 19:52 - 00000000 ____D C:\Users\Daniela und Roland
2015-10-04 10:52 - 2014-09-21 20:29 - 00000000 ___DC C:\ProgramData\Package Cache
2015-10-04 10:31 - 2012-07-07 20:14 - 00000000 ___DC C:\ProgramData\Garmin
2015-10-04 10:31 - 2012-06-19 10:24 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-10-04 10:31 - 2009-11-13 21:08 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-10-04 10:30 - 2014-09-21 20:30 - 00003552 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-10-04 00:50 - 2013-04-29 23:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-27 19:28 - 2012-09-14 17:57 - 00000000 ____D C:\Users\Daniela und Roland\2) Rolands Eigene Ordner
2015-09-25 13:44 - 2015-07-01 15:20 - 00004502 _____ C:\Windows\setupact.log
2015-09-21 20:34 - 2012-04-03 08:44 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 20:34 - 2012-04-03 08:44 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 20:34 - 2011-05-17 10:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-18 19:51 - 2012-09-16 20:22 - 00004172 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000UA
2015-09-18 19:51 - 2012-09-16 20:22 - 00003776 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000Core
2015-09-15 14:39 - 2009-06-06 20:09 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\Google
2015-09-12 09:41 - 2014-05-11 12:17 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-09-10 09:16 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2015-09-10 08:59 - 2015-03-24 12:00 - 00422824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 22:35 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 22:35 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-09 20:30 - 2013-08-15 09:59 - 00000000 ____D C:\Windows\system32\MRT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2009-05-23 18:59 - 2009-05-23 18:59 - 0031728 _____ () C:\Program Files\AidaSerif.ttf 2009-05-23 18:58 - 2009-05-23 18:58 - 0031004 _____ () C:\Program Files\AidaSerifBold.ttf 2009-05-10 20:33 - 2009-05-10 20:33 - 0061776 _____ () C:\Program Files\FORTE.ttf 2013-03-10 17:18 - 2013-03-10 17:18 - 0000071 _____ () C:\Users\Daniela und Roland\AppData\Roaming\Camdata.ini 2013-03-10 17:18 - 2013-03-10 17:18 - 0000408 _____ () C:\Users\Daniela und Roland\AppData\Roaming\CamLayout.ini 2013-03-10 17:18 - 2013-03-10 17:18 - 0000408 _____ () C:\Users\Daniela und Roland\AppData\Roaming\CamShapes.ini 2013-03-10 17:18 - 2013-03-10 17:18 - 0004416 _____ () C:\Users\Daniela und Roland\AppData\Roaming\CamStudio.cfg 2009-04-11 11:14 - 2011-08-14 21:03 - 0031858 _____ () C:\Users\Daniela und Roland\AppData\Roaming\UserTile.png 2010-04-19 18:46 - 2011-04-27 08:01 - 0000580 ____C () C:\Users\Daniela und Roland\AppData\Local\45D86D82.il 2009-05-10 17:40 - 2009-05-10 17:40 - 0000552 ____C () C:\Users\Daniela und Roland\AppData\Local\d3d8caps.dat 2009-07-25 19:15 - 2012-04-15 12:16 - 0000680 ____C () C:\Users\Daniela und Roland\AppData\Local\d3d9caps.dat 2009-04-09 19:52 - 2010-08-01 11:36 - 0000732 ____C () C:\Users\Daniela und Roland\AppData\Local\d3d9caps64.dat 2009-04-09 21:23 - 2015-04-29 11:07 - 0240128 _____ () C:\Users\Daniela und Roland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-11-14 18:46 - 2011-11-14 18:46 - 0373176 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistMSI3C32.txt 2010-08-24 18:23 - 2010-08-24 18:23 - 0423558 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistMSI3D0C.txt 2011-11-14 18:46 - 2011-11-14 18:46 - 0012328 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistUI3C32.txt 
2010-08-24 18:23 - 2010-08-24 18:23 - 0011472 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistUI3D0C.txt 2009-06-20 20:50 - 2009-06-20 20:50 - 0000545 ____C () C:\Users\Daniela und Roland\AppData\Local\DrCoverRenderingSettings.cfg 2011-07-26 20:17 - 2011-07-26 20:17 - 0000275 ____C () C:\Users\Daniela und Roland\AppData\Local\HamsterVideoConverterSettings.cfg 2010-04-19 18:46 - 2011-04-27 08:01 - 0000280 ____C () C:\Users\Daniela und Roland\AppData\Local\IndexIE_45D86D82.il 2014-07-12 17:21 - 2014-07-12 17:38 - 111684871 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #1.mp3 2014-07-12 17:11 - 2014-07-12 17:12 - 188888559 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #1.mp4 2014-07-12 17:38 - 2014-07-12 17:48 - 81285319 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #2.mp3 2014-07-12 17:12 - 2014-07-12 17:15 - 472108016 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #2.mp4 2012-05-08 23:27 - 2012-05-08 23:27 - 0017408 ____C () C:\Users\Daniela und Roland\AppData\Local\WebpageIcons.db 2013-09-15 17:34 - 2013-09-15 17:34 - 0000057 ____C () C:\ProgramData\Ament.ini 2011-08-04 17:18 - 2011-08-04 18:34 - 0000386 ____C () C:\ProgramData\DriverTool.log 2009-04-09 21:28 - 2015-04-04 15:18 - 0003402 ___SH () C:\ProgramData\KGyGaAvL.sys 2009-07-26 10:34 - 2012-03-06 19:29 - 0142890 ____C () C:\ProgramData\nvModes.001 2009-07-26 10:34 - 2012-03-06 19:29 - 0142890 ____C () C:\ProgramData\nvModes.dat Einige Dateien in TEMP: ==================== C:\Users\Daniela und Roland\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-09 15:50

==================== Ende von FRST.txt ============================

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 09.10.2015
Suchlaufzeit: 12:05:35
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.10.09.02
Rootkit-Datenbank: v2015.10.06.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: Daniela und Roland

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 467941
Abgelaufene Zeit: 17 Min., 3 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 116

Registrierungswerte: 48
hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=b416cc2e0000000000000022433aa3d1, In Quarantäne, [e9fd054ffd8e3afcfa900f8cc63e38c8] PUP.Optional.Spigot, HKU\S-1-5-21-3433068400-1824330424-1932280774-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EF142-8773-43BB-A817-B8DDE3140AC7}|URL, hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}, In Quarantäne, [52941a3afc8fab8b028bb31e3dc70bf5] Registrierungsdaten: 5 PUP.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390, Gut: (hxxp://www.google.com), Schlecht: (hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390),Ersetzt,[5096f460c1ca0a2c254aa9db7491bd43] PUP.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390, Gut: (hxxp://www.google.com), Schlecht: (hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDtAtDtByCtB0C0CtB0EtN0D0Tzu0CtBzztDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1049373390),Ersetzt,[f2f473e15932e452214e077d8a7baf51] PUP.Optional.Trovi, HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M20649E55-6B02-404A-A83C-4C675D9BF5AD&SearchSource=55&CUI=&UM=6&UP=SPE239E2F9-1F6E-466D-AA9D-4971867B8430&SSPV=, Gut: (www.google.com), Schlecht: 
(hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M20649E55-6B02-404A-A83C-4C675D9BF5AD&SearchSource=55&CUI=&UM=6&UP=SPE239E2F9-1F6E-466D-AA9D-4971867B8430&SSPV=),Ersetzt,[b333ca8ad8b30b2be5faa5eaad589a66] PUP.Optional.StartPage, HKU\S-1-5-21-3433068400-1824330424-1932280774-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www2.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=B4160022433AA3D1, Gut: (www.google.com), Schlecht: (hxxp://www2.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=B4160022433AA3D1),Ersetzt,[6a7c67ed9eedfa3c347fb3d8dc29b54b] PUP.Optional.StartPage, HKU\S-1-5-21-3433068400-1824330424-1932280774-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www2.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=B4160022433AA3D1, Gut: (www.google.com), Schlecht: (hxxp://www2.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=B4160022433AA3D1),Ersetzt,[b82ebd974447f24405aee5a642c31de3] Ordner: 4 PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Löschen bei Neustart, [7670bd970b807cba5934e630a75c20e0], PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G, In Quarantäne, [7670bd970b807cba5934e630a75c20e0], PUP.Optional.IBUpdater, C:\ProgramData\IBUpdaterService, In Quarantäne, [3caa76deed9eb38386213bf1867d768a], PUP.Optional.IEBho, C:\Users\Daniela und Roland\AppData\LocalLow\IE-BHO, In Quarantäne, [43a396bef7943303c7efe844659ecd33], Dateien: 11 PUP.LoadTubes, C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll, In Quarantäne, [1acc93c1f09bce684b91e6c8a858ad53], PUP.Optional.OpenCandy, C:\Users\Daniela und Roland\Downloads\FreemakeVideoDownloaderSetup(1).exe, In Quarantäne, [eef854000b809d99e212c5243ec3d32d], PUP.Optional.CrossRider, C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0.localstorage-journal, In Quarantäne, [0adcdd774e3d270f6189d4d1a36141bf], PUP.Optional.FunMoods, 
C:\Users\Daniela und Roland\AppData\Local\funmoods-speeddial_sf.crx, In Quarantäne, [c125e4709af1ad8981cb06aa9e6652ae], PUP.Optional.FunMoods, C:\Users\Daniela und Roland\AppData\Local\funmoods.crx, In Quarantäne, [7274de76d0bbed4980cc139d8b79b848], PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z, In Quarantäne, [7670bd970b807cba5934e630a75c20e0], PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll, In Quarantäne, [7670bd970b807cba5934e630a75c20e0], PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G\Setup.ini, In Quarantäne, [7670bd970b807cba5934e630a75c20e0], PUP.Optional.IBUpdater, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [3caa76deed9eb38386213bf1867d768a], PUP.Optional.IEBho, C:\Users\Daniela und Roland\AppData\LocalLow\IE-BHO\data.ini, In Quarantäne, [43a396bef7943303c7efe844659ecd33], PUP.Optional.IEBho, C:\Users\Daniela und Roland\AppData\LocalLow\IE-BHO\ie.ini, In Quarantäne, [43a396bef7943303c7efe844659ecd33], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) ADWCLEANER.txt (C)AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v5.013 - Bericht erstellt am 09/10/2015 um 15:39:51 # Aktualisiert am 09/10/2015 von Xplode # Datenbank : 2015-10-09.3 [Server] # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (x64) # Benutzername : Daniela und Roland - DANIELAUNDRO-PC # Gestartet von : C:\Users\Daniela und Roland\Desktop\adwcleaner_5.013.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [#] Ordner Gelöscht : C:\ProgramData\apn [#] Ordner Gelöscht : C:\ProgramData\Babylon [#] Ordner Gelöscht : C:\Users\Daniela und Roland\music\qtrax media library [#] Ordner Gelöscht : C:\Users\Daniela und Roland\AppData\Local\FileTypeAssistant [#] Ordner Gelöscht : C:\Users\Daniela und Roland\AppData\Local\PackageAware [#] Ordner Gelöscht : C:\Users\Daniela und Roland\AppData\Roaming\Babylon [#] Ordner Gelöscht : C:\Users\Daniela und Roland\AppData\Roaming\Security Systems [#] Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nohfdhapjjlndfgjnmdlcabloeembdkj_0.localstorage ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Geplante Tasks ] ***** [-] Task Gelöscht : LaunchSignup [-] Task Gelöscht : QtraxPlayer ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap [-] Schlüssel Gelöscht : HKCU\Software\92dfdfe76fee14 [-] Schlüssel Gelöscht : HKLM\SOFTWARE\92dfdfe76fee14 [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} [-] Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} [!] Schlüssel Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} [!] Schlüssel Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} [-] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} [-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\bProtector [-] Schlüssel Gelöscht : HKCU\Software\APN PIP [-] Schlüssel Gelöscht : HKCU\Software\Bitberry [-] Schlüssel Gelöscht : HKCU\Software\BrowserCompanion [-] Schlüssel Gelöscht : HKCU\Software\ilivid [-] Schlüssel Gelöscht : HKCU\Software\OCS [-] Schlüssel Gelöscht : HKCU\Software\Softonic [-] Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar [-] Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init [-] Schlüssel Gelöscht : HKCU\Software\DriverTuner [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon [-] Schlüssel Gelöscht : HKLM\SOFTWARE\PIP [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue [!] 
Schlüssel Nicht Gelöscht : HKLM\SOFTWARE\Uniblue\DriverScanner [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FinalMediaPlayer_is1 [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\loadtbs-3.0 [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1 [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Foxy Secure [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\APN PIP [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Bitberry [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\BrowserCompanion [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\ilivid [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Softonic [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\YahooPartnerToolbar [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\DriverTuner_Init [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\DriverTuner [!] 
Schlüssel Nicht Gelöscht : HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\Software\AppDataLow\Software\adawarebp ***** [ Internetbrowser ] ***** [-] [C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : search.babylon.com [-] [C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : funmoods.com [-] [C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : delta-search.com [-] [C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : trovi.search [-] [C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : bbjciahceamgodcoidkjpchnokgfpphh [-] [C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : cjpglkicenollcignonpgiafdgfeehoj ************************* :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6113 Bytes] ########## JRT.txt: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.2 (09.14.2015:1) OS: Windows (TM) Vista Home Premium x64 Ran by Daniela und Roland on 09.10.2015 at 15:54:12,15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Program Files (x86)\hamstersoft Successfully deleted: [Folder] C:\Users\Daniela und Roland\Start Menu\Programs\browser manager ~~~ FireFox Successfully deleted: [File] C:\user.js Emptied folder: 
Well? Am I clean? ;-) Best regards, Kelvin |
10.10.2015, 00:14 | #9 |
/// the machine /// TB Instructor | Redirection to fake pages Some more control scans: ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No support via PM! |
10.10.2015, 20:42 | #10 |
| Redirection to fake pages Code:
 Results of screen317's Security Check version 1.009
 Windows Vista Service Pack 2 x64 (UAC is disabled!)
 Internet Explorer 9
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Kaspersky PURE 3.0
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 TuneUp Utilities 2007
 Java 8 Update 60
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 19.0.0.185
 Adobe Reader 10.1.15 Adobe Reader out of Date!
 Mozilla Firefox (41.0.1)
 Google Chrome (45.0.2454.101)
 Google Chrome (45.0.2454.99)
````````Process Check: objlist.exe by Laurent````````
 Kaspersky Lab Kaspersky PURE 3.0 avp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-10-2015 durchgeführt von Daniela und Roland (Administrator) auf DANIELAUNDRO-PC (10-10-2015 21:39:50) Gestartet von C:\Users\Daniela und Roland\Downloads Geladene Profile: Daniela und Roland (Verfügbare Profile: Daniela und Roland & UpdatusUser) Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 9 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () C:\Windows\SysWOW64\PSIService.exe (Protexis Inc.) 
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe (Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe () C:\Users\Daniela und Roland\Desktop\SecurityCheck.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-01] () HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1391616 2006-11-02] (Microsoft Corporation) ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2015-09-03] (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2015-09-03] (Kaspersky Lab ZAO) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1E696DDE-A347-4581-90D4-EB14D5935E09}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-10] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-10] (Kaspersky Lab ZAO)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-10] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-10] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-10] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-10] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-02] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-10] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-02] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-10] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-3433068400-1824330424-1932280774-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-08-17] (Microsoft Corporation)
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

FireFox:
========
FF ProfilePath: C:\Users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\9mch73dn.default-1420982496311
FF NewTab: www.google.at
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3433068400-1824330424-1932280774-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3433068400-1824330424-1932280774-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniela und Roland\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3433068400-1824330424-1932280774-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Daniela und Roland\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-02-03] (Apple Inc.)
FF Extension: New Tab Homepage - C:\Users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\9mch73dn.default-1420982496311\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-10-04]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2015-10-02]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-10-02]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2015-10-02]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-10-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-10-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-10-02]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-09]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-05-11]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-05-11]
FF HKU\S-1-5-21-3433068400-1824330424-1932280774-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Daniela und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\lnxv6hi8.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.at/
CHR StartupUrls: Default -> "hxxp://www.google.at/"
CHR Profile: C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10]
CHR Extension: (Google Docs) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-10]
CHR Extension: (Google Drive) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-10]
CHR Extension: (YouTube) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-10]
CHR Extension: (Freemake Video Downloader) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-11-09]
CHR Extension: (Adblock Plus) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-16]
CHR Extension: (Google-Suche) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-10]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-09-16]
CHR Extension: (Google Tabellen) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-10]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (No History) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-11-16]
CHR Extension: (Kaspersky Protection) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-11-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
CHR Extension: (Google Mail) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-10]
CHR Extension: (Anti-Banner) - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-09-16]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-11]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
StartMenuInternet: Google Chrome.IZLNHVAYFLJSMXW3USTZBJVMAM - C:\Users\Daniela und Roland\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [Datei ist nicht signiert]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-04-09] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-09-01] (Freemake) [Datei ist nicht signiert]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-09-01] (Ellora Assets Corp.) [Datei ist nicht signiert]
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [Datei ist nicht signiert]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] ()
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; kein ImagePath
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-10] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [68640 2009-06-09] (Lavasoft AB)
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [Datei ist nicht signiert]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 DfSdkS; kein ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-10 18:18 - 2015-10-10 18:19 - 00852720 ____C C:\Users\Daniela und Roland\Desktop\SecurityCheck.exe
2015-10-10 18:18 - 2015-10-10 18:18 - 02870984 ____C (ESET) C:\Users\Daniela und Roland\Downloads\esetsmartinstaller_deu.exe
2015-10-09 23:19 - 2015-10-10 21:39 - 00000000 ____D C:\Users\Daniela und Roland\Downloads\FRST-OlderVersion
2015-10-09 15:59 - 2015-10-09 15:59 - 00003195 _____ C:\Users\Daniela und Roland\Desktop\JRT.txt
2015-10-09 15:26 - 2015-10-09 15:39 - 00000000 ____D C:\AdwCleaner
2015-10-09 15:23 - 2015-10-09 15:23 - 01682432 ____C C:\Users\Daniela und Roland\Desktop\adwcleaner_5.013.exe
2015-10-09 15:21 - 2015-10-09 15:21 - 00036780 _____ C:\Users\Daniela und Roland\Desktop\mbam.txt
2015-10-09 12:03 - 2015-10-09 12:25 - 00000939 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-09 12:03 - 2015-10-09 12:03 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-10-09 12:03 - 2015-10-09 12:03 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-10-09 12:03 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-09 12:03 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-09 11:33 - 2015-10-09 11:34 - 00172995 ____C C:\Users\Daniela und Roland\Downloads\1441065600000265838.zip
2015-10-08 22:25 - 2015-10-08 22:25 - 01798976 ____C (Malwarebytes) C:\Users\Daniela und Roland\Desktop\JRT.exe
2015-10-08 22:24 - 2015-10-08 22:24 - 24345872 ____C (Malwarebytes Corporation ) C:\Users\Daniela und Roland\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-07 23:50 - 2015-10-07 23:50 - 00021870 _____ C:\ComboFix.txt
2015-10-07 22:08 - 2015-10-07 23:51 - 00000000 ____D C:\ComboFix
2015-10-07 22:08 - 2015-10-07 23:50 - 00000000 ____D C:\Qoobox
2015-10-07 22:08 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-07 22:08 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-07 22:08 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-07 22:08 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-07 22:07 - 2015-10-07 23:44 - 00000000 ____D C:\Windows\erdnt
2015-10-07 21:59 - 2015-10-07 21:59 - 05635766 ____R (Swearware) C:\Users\Daniela und Roland\Desktop\ComboFix.exe
2015-10-07 21:45 - 2015-10-09 12:24 - 00001103 _____ C:\Users\Daniela und Roland\Desktop\Revo Uninstaller.lnk
2015-10-07 21:45 - 2015-10-07 21:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-07 21:44 - 2015-10-07 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Daniela und Roland\Downloads\revosetup95.exe
2015-10-05 16:43 - 2015-10-05 16:44 - 00054201 _____ C:\Users\Daniela und Roland\Downloads\Addition.txt
2015-10-05 16:42 - 2015-10-10 21:39 - 00025641 _____ C:\Users\Daniela und Roland\Downloads\FRST.txt
2015-10-05 16:42 - 2015-10-10 21:39 - 00000000 ____D C:\FRST
2015-10-05 16:41 - 2015-10-10 21:39 - 02195456 _____ (Farbar) C:\Users\Daniela und Roland\Downloads\FRST64.exe
2015-10-05 07:37 - 2015-10-05 10:26 - 00000000 ____D C:\mbar
2015-10-04 23:19 - 2015-10-09 12:03 - 00000000 ___DC C:\ProgramData\Malwarebytes
2015-10-04 23:18 - 2015-10-10 18:12 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 23:18 - 2015-10-05 10:56 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-04 23:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-04 23:17 - 2015-10-04 23:17 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Daniela und Roland\Downloads\mbar-1.09.3.1001.exe
2015-10-04 22:59 - 2015-10-04 22:59 - 00274544 _____ C:\Windows\Minidump\Mini100415-02.dmp
2015-10-04 16:44 - 2015-07-18 15:14 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-04 16:44 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-04 16:27 - 2015-10-04 16:27 - 02012464 _____ C:\Users\Daniela und Roland\Downloads\Adaware_Installer_11.8.exe
2015-10-04 16:02 - 2015-10-04 16:02 - 00347816 _____ (Microsoft Corporation) C:\Users\Daniela und Roland\Downloads\MicrosoftFixit.Devices.RNP.Run.exe
2015-10-04 11:11 - 2015-10-04 11:11 - 08997592 _____ C:\Users\Daniela und Roland\Downloads\USBDrivers_2311.exe
2015-10-04 10:31 - 2015-10-04 10:53 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\Garmin_Ltd._or_its_subsid
2015-10-04 00:50 - 2015-10-04 22:59 - 876145236 _____ C:\Windows\MEMORY.DMP
2015-10-04 00:50 - 2015-10-04 00:50 - 00274544 _____ C:\Windows\Minidump\Mini100415-01.dmp
2015-10-04 00:35 - 2015-10-04 00:35 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\dlg
2015-10-03 22:17 - 2015-10-03 22:17 - 00380416 _____ C:\Users\Daniela und Roland\Downloads\e73f19hl.exe
2015-10-03 22:16 - 2015-10-03 22:16 - 00520768 _____ C:\Users\Daniela und Roland\Downloads\e73f19hl_CB-DL-Manager.exe
2015-10-03 21:35 - 2015-10-03 21:35 - 00243872 _____ C:\Users\Daniela und Roland\Downloads\Firefox Setup Stub 41.0.1.exe
2015-10-02 22:49 - 2015-10-03 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-21 20:34 - 2015-09-21 20:34 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-11 15:40 - 2015-09-11 15:40 - 00004718 _____ C:\Users\Daniela und Roland\Downloads\bod-logo-126-60.svg

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-10 21:34 - 2012-04-03 08:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-10-10 20:56 - 2012-09-16 20:22 - 00001172 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000UA.job 2015-10-10 20:22 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-10 20:22 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-10 19:57 - 2012-08-28 23:35 - 00000000 ___DC C:\ProgramData\Kaspersky Lab 2015-10-10 19:56 - 2012-09-16 20:22 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000Core.job 2015-10-10 18:26 - 2008-01-21 13:10 - 01567488 _____ C:\Windows\system32\PerfStringBackup.INI 2015-10-10 18:26 - 2008-01-21 13:09 - 00674024 _____ C:\Windows\system32\perfh007.dat 2015-10-10 18:26 - 2008-01-21 13:09 - 00146036 _____ C:\Windows\system32\perfc007.dat 2015-10-10 18:01 - 2008-01-21 03:53 - 01413341 _____ C:\Windows\WindowsUpdate.log 2015-10-10 11:32 - 2009-04-09 20:32 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\WTablet 2015-10-10 10:22 - 2009-07-26 10:34 - 00000000 ___DC C:\ProgramData\NVIDIA 2015-10-10 10:22 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-09 23:34 - 2006-11-02 17:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-10-09 18:31 - 2009-04-10 21:17 - 00002659 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk 2015-10-09 18:02 - 2009-04-09 21:51 - 00000442 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2015-10-09 17:16 - 2009-06-28 15:17 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KnockOut 2 2015-10-09 15:43 - 2015-07-05 10:30 - 00008112 _____ C:\Windows\PFRO.log 2015-10-09 12:25 - 2014-11-28 14:21 - 00000908 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Christmas Market.lnk 
2015-10-09 12:25 - 2014-03-08 20:43 - 00002118 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Coach.lnk 2015-10-09 12:25 - 2013-11-07 14:05 - 00000998 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Edwardian Advent Calendar.lnk 2015-10-09 12:25 - 2013-04-29 23:54 - 00000904 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-10-09 12:25 - 2012-12-08 16:21 - 00002425 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-10-09 12:25 - 2012-11-10 20:37 - 00000968 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Alpine Advent Calendar.lnk 2015-10-09 12:25 - 2012-10-06 19:42 - 00000894 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk 2015-10-09 12:25 - 2012-08-08 10:41 - 00001006 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2015-10-09 12:25 - 2011-11-19 22:06 - 00001088 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jacquie Lawson London Advent Calendar.lnk 2015-10-09 12:25 - 2009-10-01 22:01 - 00002503 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-10-09 12:25 - 2009-07-26 10:19 - 00001245 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk 2015-10-09 12:25 - 2009-04-10 21:17 - 00002759 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk 2015-10-09 12:25 - 2009-04-10 21:17 - 00002699 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk 2015-10-09 12:25 - 2009-04-10 21:17 - 00002687 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk 2015-10-09 12:25 - 2009-04-09 21:51 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007.lnk 2015-10-09 12:25 - 2009-04-09 21:32 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter Photo Essentials 4.lnk 2015-10-09 12:25 - 2009-04-09 20:40 - 
00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 6.0.lnk 2015-10-09 12:25 - 2009-04-09 20:30 - 00001772 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Journal.lnk 2015-10-09 12:25 - 2009-04-09 20:30 - 00001638 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes.lnk 2015-10-09 12:25 - 2009-04-09 19:47 - 00000604 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk 2015-10-09 12:25 - 2006-11-02 17:36 - 00001852 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk 2015-10-09 12:25 - 2006-11-02 17:36 - 00001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-10-09 12:25 - 2006-11-02 17:36 - 00001770 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk 2015-10-09 12:25 - 2006-11-02 17:35 - 00001757 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk 2015-10-09 12:25 - 2006-11-02 17:34 - 00001950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk 2015-10-09 12:25 - 2006-11-02 17:34 - 00001768 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk 2015-10-09 12:25 - 2006-11-02 17:28 - 00001743 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk 2015-10-09 12:25 - 2003-05-17 21:38 - 00002671 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk 2015-10-09 12:25 - 2003-05-17 21:38 - 00002629 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk 2015-10-09 12:24 - 2012-07-28 22:36 - 00002001 _____ C:\Users\Daniela und Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plan4You Easy.lnk 2015-10-09 12:24 - 2010-05-30 12:53 - 00001179 _____ C:\Users\Daniela und Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Program Updates.lnk 2015-10-09 12:24 - 2009-08-21 17:17 - 00000919 _____ 
C:\Users\Daniela und Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2015-10-09 12:24 - 2009-04-10 21:17 - 00002597 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk 2015-10-09 12:24 - 2009-04-10 21:17 - 00002593 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk 2015-10-09 12:24 - 2009-04-09 19:53 - 00000954 _____ C:\Users\Daniela und Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-10-09 12:24 - 2006-11-02 17:36 - 00001613 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-10-09 12:24 - 2006-11-02 17:25 - 00001641 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-10-07 23:51 - 2007-04-03 19:10 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\Apps\2.0 2015-10-07 23:50 - 2009-04-10 18:59 - 00000000 ____D C:\Users\Roland.9193PHJUJKSUS6L 2015-10-07 23:50 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default 2015-10-07 23:50 - 2005-04-02 20:31 - 00000000 ___DC C:\Users\ROLAND~1~919 2015-10-07 23:49 - 2015-04-04 23:45 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\CrashDumps 2015-10-07 23:39 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini 2015-10-07 22:36 - 2006-11-02 14:33 - 89915392 _____ C:\Windows\system32\config\SOFTWARE.bak 2015-10-07 22:36 - 2006-11-02 14:33 - 73924608 _____ C:\Windows\system32\config\COMPONENTS.bak 2015-10-07 22:36 - 2006-11-02 14:33 - 100663296 _____ C:\Windows\system32\config\SYSTEM.bak 2015-10-07 22:36 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2015-10-07 22:36 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2015-10-07 22:36 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak 2015-10-07 22:27 - 2012-09-16 16:03 - 00000000 ____D C:\Users\Daniela und Roland\AppData\Roaming\convert 2015-10-04 22:59 - 2015-07-01 10:42 - 00000000 ____D C:\Windows\Minidump 2015-10-04 
16:27 - 2009-06-09 20:12 - 00000000 ___DC C:\ProgramData\Lavasoft 2015-10-04 11:53 - 2009-04-09 19:52 - 00000000 ____D C:\Users\Daniela und Roland 2015-10-04 10:52 - 2014-09-21 20:29 - 00000000 ___DC C:\ProgramData\Package Cache 2015-10-04 10:31 - 2012-07-07 20:14 - 00000000 ___DC C:\ProgramData\Garmin 2015-10-04 10:31 - 2012-06-19 10:24 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-10-04 10:31 - 2009-11-13 21:08 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-10-04 10:30 - 2014-09-21 20:30 - 00003552 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2015-10-04 00:50 - 2013-04-29 23:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-27 19:28 - 2012-09-14 17:57 - 00000000 ____D C:\Users\Daniela und Roland\2) Rolands Eigene Ordner 2015-09-25 13:44 - 2015-07-01 15:20 - 00004502 _____ C:\Windows\setupact.log 2015-09-21 20:34 - 2012-04-03 08:44 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-09-21 20:34 - 2012-04-03 08:44 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-09-21 20:34 - 2011-05-17 10:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-18 19:51 - 2012-09-16 20:22 - 00004172 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000UA 2015-09-18 19:51 - 2012-09-16 20:22 - 00003776 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3433068400-1824330424-1932280774-1000Core 2015-09-15 14:39 - 2009-06-06 20:09 - 00000000 ___DC C:\Users\Daniela und Roland\AppData\Local\Google 2015-09-12 09:41 - 2014-05-11 12:17 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2015-09-10 09:16 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache 2015-09-10 08:59 - 2015-03-24 12:00 - 00422824 _____ C:\Windows\system32\FNTCACHE.DAT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2009-05-23 
18:59 - 2009-05-23 18:59 - 0031728 _____ () C:\Program Files\AidaSerif.ttf 2009-05-23 18:58 - 2009-05-23 18:58 - 0031004 _____ () C:\Program Files\AidaSerifBold.ttf 2009-05-10 20:33 - 2009-05-10 20:33 - 0061776 _____ () C:\Program Files\FORTE.ttf 2013-03-10 17:18 - 2013-03-10 17:18 - 0000071 _____ () C:\Users\Daniela und Roland\AppData\Roaming\Camdata.ini 2013-03-10 17:18 - 2013-03-10 17:18 - 0000408 _____ () C:\Users\Daniela und Roland\AppData\Roaming\CamLayout.ini 2013-03-10 17:18 - 2013-03-10 17:18 - 0000408 _____ () C:\Users\Daniela und Roland\AppData\Roaming\CamShapes.ini 2013-03-10 17:18 - 2013-03-10 17:18 - 0004416 _____ () C:\Users\Daniela und Roland\AppData\Roaming\CamStudio.cfg 2009-04-11 11:14 - 2011-08-14 21:03 - 0031858 _____ () C:\Users\Daniela und Roland\AppData\Roaming\UserTile.png 2010-04-19 18:46 - 2011-04-27 08:01 - 0000580 ____C () C:\Users\Daniela und Roland\AppData\Local\45D86D82.il 2009-05-10 17:40 - 2009-05-10 17:40 - 0000552 ____C () C:\Users\Daniela und Roland\AppData\Local\d3d8caps.dat 2009-07-25 19:15 - 2012-04-15 12:16 - 0000680 ____C () C:\Users\Daniela und Roland\AppData\Local\d3d9caps.dat 2009-04-09 19:52 - 2010-08-01 11:36 - 0000732 ____C () C:\Users\Daniela und Roland\AppData\Local\d3d9caps64.dat 2009-04-09 21:23 - 2015-04-29 11:07 - 0240128 _____ () C:\Users\Daniela und Roland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-11-14 18:46 - 2011-11-14 18:46 - 0373176 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistMSI3C32.txt 2010-08-24 18:23 - 2010-08-24 18:23 - 0423558 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistMSI3D0C.txt 2011-11-14 18:46 - 2011-11-14 18:46 - 0012328 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistUI3C32.txt 2010-08-24 18:23 - 2010-08-24 18:23 - 0011472 ____C () C:\Users\Daniela und Roland\AppData\Local\dd_vcredistUI3D0C.txt 2009-06-20 20:50 - 2009-06-20 20:50 - 0000545 ____C () C:\Users\Daniela und Roland\AppData\Local\DrCoverRenderingSettings.cfg 
2011-07-26 20:17 - 2011-07-26 20:17 - 0000275 ____C () C:\Users\Daniela und Roland\AppData\Local\HamsterVideoConverterSettings.cfg 2010-04-19 18:46 - 2011-04-27 08:01 - 0000280 ____C () C:\Users\Daniela und Roland\AppData\Local\IndexIE_45D86D82.il 2014-07-12 17:21 - 2014-07-12 17:38 - 111684871 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #1.mp3 2014-07-12 17:11 - 2014-07-12 17:12 - 188888559 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #1.mp4 2014-07-12 17:38 - 2014-07-12 17:48 - 81285319 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #2.mp3 2014-07-12 17:12 - 2014-07-12 17:15 - 472108016 _____ () C:\Users\Daniela und Roland\AppData\Local\Playlist Gym Workout Running Motivation Music #2.mp4 2012-05-08 23:27 - 2012-05-08 23:27 - 0017408 ____C () C:\Users\Daniela und Roland\AppData\Local\WebpageIcons.db 2013-09-15 17:34 - 2013-09-15 17:34 - 0000057 ____C () C:\ProgramData\Ament.ini 2011-08-04 17:18 - 2011-08-04 18:34 - 0000386 ____C () C:\ProgramData\DriverTool.log 2009-04-09 21:28 - 2015-04-04 15:18 - 0003402 ___SH () C:\ProgramData\KGyGaAvL.sys 2009-07-26 10:34 - 2012-03-06 19:29 - 0142890 ____C () C:\ProgramData\nvModes.001 2009-07-26 10:34 - 2012-03-06 19:29 - 0142890 ____C () C:\ProgramData\nvModes.dat Einige Dateien in TEMP: ==================== C:\Users\Daniela und Roland\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-10-10 10:37
==================== Ende von FRST.txt ============================
What does your trained eye say about the current log files? :-) |
11.10.2015, 07:40 | #11 |
/// the machine /// TB Trainer | Redirection to fake pages
Update Flash and Adobe. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
ATTFilter
C:\Users\Daniela und Roland\Documents\Waltograph Font - CHIP-Installer.exe
C:\Users\Daniela und Roland\Downloads\cbsidlm-cbsi213-EssentialPIM_Portable-BP-10497313.exe
C:\Users\Daniela und Roland\Downloads\e73f19hl_CB-DL-Manager.exe
C:\Users\Daniela und Roland\Downloads\EML Viewer - CHIP-Installer.exe
C:\Users\Daniela und Roland\Downloads\LibreOffice - CHIP-Installer.exe
C:\Users\Daniela und Roland\Downloads\XMedia Recode - CHIP-Installer.exe
J:\Documents\Waltograph Font - CHIP-Installer.exe
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Rethink your download habits: CHIP-Installer - what is it? - Guides
Cleanup: (The order is crucial here) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left now, you can delete them without hesitation. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening: Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version only: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you merely visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can specify, on a whitelist basis, on which pages scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities. Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, the recommended approach is to uninstall it first and then remove the leftovers with Adwarecleaner.
Finally, a few general remarks: Change your important online passwords regularly, and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.10.2015, 12:25 | #12 |
| Redirection to fake pages
Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-10-2015
durchgeführt von Daniela und Roland (2015-10-11 13:09:20) Run:1
Gestartet von C:\Users\Daniela und Roland\Desktop
Geladene Profile: Daniela und Roland (Verfügbare Profile: Daniela und Roland & UpdatusUser)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\Users\Daniela und Roland\Documents\Waltograph Font - CHIP-Installer.exe
C:\Users\Daniela und Roland\Downloads\cbsidlm-cbsi213-EssentialPIM_Portable-BP-10497313.exe
C:\Users\Daniela und Roland\Downloads\e73f19hl_CB-DL-Manager.exe
C:\Users\Daniela und Roland\Downloads\EML Viewer - CHIP-Installer.exe
C:\Users\Daniela und Roland\Downloads\LibreOffice - CHIP-Installer.exe
C:\Users\Daniela und Roland\Downloads\XMedia Recode - CHIP-Installer.exe
J:\Documents\Waltograph Font - CHIP-Installer.exe
Emptytemp:
*****************
C:\Users\Daniela und Roland\Documents\Waltograph Font - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Daniela und Roland\Downloads\cbsidlm-cbsi213-EssentialPIM_Portable-BP-10497313.exe => erfolgreich verschoben
C:\Users\Daniela und Roland\Downloads\e73f19hl_CB-DL-Manager.exe => erfolgreich verschoben
C:\Users\Daniela und Roland\Downloads\EML Viewer - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Daniela und Roland\Downloads\LibreOffice - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Daniela und Roland\Downloads\XMedia Recode - CHIP-Installer.exe => erfolgreich verschoben
J:\Documents\Waltograph Font - CHIP-Installer.exe => erfolgreich verschoben
EmptyTemp: => 250.5 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 13:09:46 ====
Code:
ATTFilter
# DelFix v1.011 - Datei am 11/10/2015 um 13:26:45 erstellt
# Aktualisiert am 18/08/2015 von Xplode
# Benutzer : Daniela und Roland - DANIELAUNDRO-PC
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
~ Aktiviere die Benutzerkontensteuerung ... OK
~ Entferne die Bereinigungsprogramme ...
Gelöscht : C:\mbar
Gelöscht : C:\32788R22FWJFW
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\Daniela und Roland\Downloads\FRST-OlderVersion
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Daniela und Roland\Desktop\adwcleaner_5.013.exe
Gelöscht : C:\Users\Daniela und Roland\Desktop\Fixlog.txt
Gelöscht : C:\Users\Daniela und Roland\Desktop\FRST.txt
Gelöscht : C:\Users\Daniela und Roland\Desktop\FRST64.exe
Gelöscht : C:\Users\Daniela und Roland\Desktop\JRT.exe
Gelöscht : C:\Users\Daniela und Roland\Desktop\JRT.txt
Gelöscht : C:\Users\Daniela und Roland\Desktop\SecurityCheck.exe
Gelöscht : C:\Users\Daniela und Roland\Downloads\Addition.txt
Gelöscht : C:\Users\Daniela und Roland\Downloads\esetsmartinstaller_deu.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
~ Erstelle ein Backup der Registrierungsdatenbank ... OK
~ Lösche die Wiederherstellungspunkte ...
Ein neuer Wiederherstellungspunkt wurde erstellt !
~ Stelle die Systemeinstellungen wieder her ... OK
########## - EOF - ########## |
11.10.2015, 20:17 | #13 |
/// the machine /// TB Trainer | Redirection to fake pages
done
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |