ga-bwler | 26.03.2015 22:56 | Code:
# AdwCleaner v4.113 - Bericht erstellt 26/03/2015 um 22:37:39
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-26.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (x86)
# Benutzername : Schüle - SCHÜLE-LAPTOP
# Gestarted von : C:\Users\Schüle\Eigene Dateien\Downloads\AdwCleaner_4.113.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\DM
Ordner Gelöscht : C:\Users\SCHLE~1\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Schüle\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Schüle\AppData\LocalLow\SweetIM
[!] Ordner Gelöscht : C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\SCHLE~1\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\user.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v7.0.6001.18639
-\\ Mozilla Firefox v
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dfltlng", "de");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlday", "15611");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlref", "MON00015");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.prtnrid", "softonic");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.smplgrp", "none");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrid", "base");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsnts", "1.6.7.421:27:59");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledAddons", "{e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1,ffxtlbra@softonic.com:1.6.0,{317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.9.1,plugin@yontoo.com:1.20.02,{EEE6C361-61[...]
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.installId", "0a25c89b-5b73-4b82-89a3-7372d00d315c");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={D3107344-3C9C-11E2-9702-00238B2DD3EE}&src=2&crg=3.1010006.10028&q=");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010006.10028");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.apps.)?facebook\\.com.*");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.apps.)?facebook\\.com.*");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{D3107344-3C9C-11E2-9702-00238B2DD3EE}");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [19293 Bytes] - [13/07/2014 14:27:07]
AdwCleaner[R1].txt - [13530 Bytes] - [26/03/2015 22:12:47]
AdwCleaner[S0].txt - [14194 Bytes] - [26/03/2015 22:37:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14254 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Schle on 26.03.2015 at 22:46:32,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\Schle\AppData\Roaming\flexnet"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2015 at 22:49:15,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Schüle at 2015-03-26 22:54:19
Running from C:\Users\Schüle\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Amicron-Faktura 11.0 © Amicron Software (HKLM\...\Amicron-Faktura 11.0) (Version: - )
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Comodo BackUp (HKLM\...\Comodo BackUp) (Version: 1.0.4.337 - COMODO)
DELISprint (HKLM\...\{9480CCD5-BB18-4DF3-AB18-04198B30DD62}) (Version: 5.6.7.0 - DPD)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version: - Oberon Media)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.5.1 (HKLM\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
Firebird 2.5.2.26540 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.2.26540 - Firebird Project)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
InfoBibliothek (HKLM\...\{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}) (Version: - Akademische Arbeitsgemeinschaft)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.1.2 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MPM (HKLM\...\{7ABD82AD-E13E-4673-A450-0890D43C8F9D}) (Version: 1.00.0000 - Hewlett-Packard)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden
Nuance PDF Converter 7 (HKLM\...\{667014DE-A731-4487-9650-BD864C536F4F}) (Version: 7.00.2000 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9379 - OpenOffice.org)
PDF To Excel Converter V3.0 (HKLM\...\PDF To Excel Converter_is1) (Version: - hxxp://www.PDFExcelConverter.com)
Profi cash (HKLM\...\Profi cash) (Version: - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5680 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scansoft PDF Converter (Version: - ) Hidden
Steuer 2011 (HKLM\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Steuersparer 2010 (HKLM\...\{9B954367-8314-4E94-9FFC-D6EFF7C6B674}) (Version: 17.00.6531 - Buhl Data Service GmbH)
Steuersparer 2011 (HKLM\...\{538E852C-1064-46EF-9B24-6EC9B1494792}) (Version: 18.00.6933 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2008 (HKLM\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.01.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.11.0000 - Akademische Arbeitsgemeinschaft Verlag)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XnView 2.03 (HKLM\...\XnView_is1) (Version: 2.03 - Gougelet Pierre-e)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{68213E0D-E2B5-43D8-9683-080885FB7E24}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F4F55570-2FF4-444F-9851-E04BA4E4B524}\InprocServer32 -> No File Path
==================== Restore Points =========================
22-03-2015 21:47:19 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.6 by SweetPacks
22-03-2015 21:53:24 Revo Uninstaller's restore point - SweetPacks bundle uninstaller
22-03-2015 21:56:47 Revo Uninstaller's restore point - Update Manager for SweetPacks 1.1
22-03-2015 21:59:06 Revo Uninstaller's restore point - Yontoo 1.10.03
24-03-2015 23:14:23 Removed Apple Software Update
24-03-2015 23:16:39 Removed Apple Mobile Device Support
24-03-2015 23:17:54 Removed Apple Application Support (32-Bit)
24-03-2015 23:24:02 Removed iTunes
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {171DF220-EF09-449C-8AA2-BB5DF0D5E2F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: {22B8F97D-5736-4520-9C6B-67C75987854C} - System32\Tasks\{743FC91F-421D-4A8B-BACA-40B6CBC289E5} => pcalua.exe -a c:\Users\Schüle\Documents\Downloads\amicron-faktura11(2).exe
Task: {4C7044E2-6D55-4F72-8668-4F71B6BFA3BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {4F4BF66C-98F3-4BDD-A82E-BF2768473BB7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Schüle => C:\Program Files\Windows Calendar\wincal.exe [2008-01-21] (Microsoft Corporation)
Task: {534DF986-986C-4568-85A6-245C4D6E03C8} - System32\Tasks\{A1B029EC-5A50-478D-A54D-9810DC94C25D} => pcalua.exe -a C:\PROGRA~1\AMICRO~1.0\UNWISE.EXE -c C:\PROGRA~1\AMICRO~1.0\Install.log
Task: {66197C39-E854-490C-B9B5-3E82B27101FB} - System32\Tasks\{88C66690-BBA1-4297-A840-26D69C048E4A} => pcalua.exe -a C:\Users\Schüle\Downloads\setup_kadmos_irfanview_de.exe -d C:\Users\Schüle\Downloads
Task: {91062CE2-CC24-442B-827A-EE9B2F8EB474} - System32\Tasks\{4CE875CE-371C-4A2B-A945-F691B3351578} => pcalua.exe -a "C:\Users\Schüle\Eigene Dateien\Downloads\AF11-Setup.exe" -d "C:\Users\Schüle\Eigene Dateien\Downloads"
Task: {9EB265ED-B122-4E5C-9779-3E4B51B2BC5E} - System32\Tasks\{62413CF2-5EBD-4C71-88C5-8A493C2D3E1D} => pcalua.exe -a "C:\Program Files\Oberon Media\eMachines\Uninstall.exe" -c "C:\Program Files\Oberon Media\eMachines\install.log"
Task: {D01C3D6B-91E9-444C-BE2C-7D3E7E848B96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-02-13 20:05 - 2014-09-10 16:24 - 00019216 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files\Common Files\AAV\aavus.exe
2008-02-28 21:44 - 2008-02-28 21:44 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2009-03-06 11:15 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2009-03-06 11:15 - 2009-03-06 11:15 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-04-04 02:03 - 2008-04-04 02:03 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2008-04-06 21:42 - 2008-04-06 21:42 - 00034040 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-04 02:00 - 2008-04-04 02:00 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2008-07-29 12:55 - 2008-07-29 12:55 - 00969728 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-01-09 19:18 - 2009-01-09 19:18 - 00139264 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll
2008-07-29 12:59 - 2008-07-29 12:59 - 00165376 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll
2011-08-28 22:19 - 2011-08-28 22:19 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-03-22 10:50 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Classes\.exe: => <===== ATTENTION!
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img33.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-768814543-1293272205-1146082735-500 - Administrator - Disabled)
Gast (S-1-5-21-768814543-1293272205-1146082735-501 - Limited - Disabled)
Schüle (S-1-5-21-768814543-1293272205-1146082735-1000 - Administrator - Enabled) => C:\Users\Schüle
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-03-26 22:54:11.631
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 22:54:11.350
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 22:54:11.054
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 22:54:10.773
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 22:53:51.407
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 22:53:51.029
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 22:53:50.771
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 22:53:50.410
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 22:53:50.065
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 22:53:49.737
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Athlon(tm) X2 Dual-Core QL-62
Percentage of memory in use: 44%
Total physical RAM: 2813.5 MB
Available physical RAM: 1569.78 MB
Total Pagefile: 5863.44 MB
Available Pagefile: 4658.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.38 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:144.04 GB) (Free:42.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.94 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 26-03-2015 22:53:02
Running from C:\Users\Schüle\Eigene Dateien\Downloads
Loaded Profiles: Schüle (Available profiles: Schüle)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Common Files\AAV\aavus.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default
FF Homepage: http.www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\trash [2013-05-11]
FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-05-08]
FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-08-28]
FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\ffxtlbra@softonic.com [Not Found]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\plugin@yontoo.com.xpi [Not Found]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed]
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-03-24] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-03-24] (Emsisoft GmbH)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-23] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-25] (Malwarebytes Corporation)
R3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed]
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-26 22:49 - 2015-03-26 22:49 - 00000939 _____ () C:\Users\Schüle\Desktop\JRT.txt
2015-03-25 09:12 - 2015-03-25 09:12 - 00001886 _____ () C:\Users\Schüle\Desktop\a2scan_150325-063559 bericht.txt
2015-03-25 06:22 - 2015-03-25 06:22 - 00142656 _____ () C:\Windows\Minidump\Mini032515-01.dmp
2015-03-24 23:54 - 2015-03-24 23:54 - 00142656 _____ () C:\Windows\Minidump\Mini032415-02.dmp
2015-03-24 23:14 - 2015-03-24 23:14 - 00000000 ____D () C:\OETemp
2015-03-24 21:04 - 2015-03-24 21:04 - 00000693 _____ () C:\Users\Schüle\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-24 21:03 - 2015-03-25 06:25 - 00000000 ____D () C:\EEK
2015-03-24 01:09 - 2015-03-24 01:09 - 00142608 _____ () C:\Windows\Minidump\Mini032415-01.dmp
2015-03-23 22:32 - 2015-03-25 00:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 22:32 - 2015-03-25 00:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-23 22:31 - 2015-03-23 22:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 17:30 - 2015-03-23 17:30 - 00142608 _____ () C:\Windows\Minidump\Mini032315-01.dmp
2015-03-22 22:01 - 2015-03-23 22:31 - 00000000 ____D () C:\Users\Schüle\Desktop\mbar
2015-03-22 21:43 - 2015-03-24 23:27 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-22 21:37 - 2015-03-22 21:37 - 00138976 _____ () C:\Windows\Minidump\Mini032215-01.dmp
2015-03-19 22:33 - 2015-03-24 23:35 - 00000000 ____D () C:\Program Files\Avira
2015-03-19 22:17 - 2015-03-19 22:17 - 00005115 _____ () C:\ProgramData\N360BUOptions.ini
2015-03-19 20:50 - 2015-03-19 20:50 - 00014681 _____ () C:\Users\Schüle\Desktop\gamer.txt
2015-03-19 20:50 - 2015-03-19 20:50 - 00000104 ____H () C:\Users\Schüle\Desktop\.~lock.gamer.txt#
2015-03-19 20:16 - 2015-03-19 20:16 - 00036873 _____ () C:\Users\Schüle\Desktop\FRST.txt
2015-03-19 16:22 - 2015-03-26 22:53 - 00000000 ____D () C:\FRST
2015-03-19 16:18 - 2015-03-19 16:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable
2015-03-19 14:22 - 2015-03-23 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 13:33 - 2015-03-19 13:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp
2015-03-14 16:12 - 2015-03-14 16:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp
2015-03-13 11:58 - 2015-03-13 11:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt
2015-03-08 15:11 - 2015-03-07 20:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt
2015-03-08 15:11 - 2015-03-07 20:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt
2015-03-07 20:34 - 2015-03-07 20:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt#
2015-03-07 15:10 - 2015-03-07 15:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt
2015-03-05 10:54 - 2015-03-05 10:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp
2015-03-03 05:48 - 2015-03-03 05:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-26 22:47 - 2013-05-22 12:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 22:46 - 2014-07-13 14:27 - 00000000 ____D () C:\AdwCleaner
2015-03-26 22:46 - 2009-03-06 11:09 - 01767466 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 22:42 - 2011-11-28 14:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-26 22:41 - 2014-06-09 22:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-26 22:41 - 2013-05-22 12:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 22:41 - 2010-08-14 19:32 - 00027934 _____ () C:\ProgramData\nvModes.001
2015-03-26 22:41 - 2009-03-06 11:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-03-26 22:41 - 2008-09-11 01:01 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-26 22:41 - 2008-01-21 03:47 - 00328482 _____ () C:\Windows\PFRO.log
2015-03-26 22:41 - 2006-11-02 14:01 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 22:41 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 22:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 22:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 22:35 - 2012-04-20 08:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 19:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2015-03-25 06:22 - 2010-12-17 14:31 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 06:22 - 2010-12-17 14:30 - 382524070 _____ () C:\Windows\MEMORY.DMP
2015-03-24 23:35 - 2009-04-25 21:25 - 00000000 ____D () C:\Program Files\Hardcopy
2015-03-24 23:27 - 2015-02-19 16:57 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-24 23:19 - 2009-05-13 21:52 - 00000000 ____D () C:\ProgramData\Apple
2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-19 16:18 - 2009-04-11 21:55 - 00000000 ____D () C:\Users\Schüle
2015-03-18 15:10 - 2010-08-05 19:34 - 00027934 _____ () C:\ProgramData\nvModes.dat
2015-03-15 19:10 - 2010-01-19 22:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc
2015-03-15 17:52 - 2010-07-29 21:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss
2015-03-13 11:58 - 2014-02-15 16:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia
2015-03-13 06:26 - 2008-09-11 01:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-09 21:09 - 2006-11-02 13:52 - 00115692 _____ () C:\Windows\setupact.log
2015-03-09 21:07 - 2015-01-17 19:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15
2015-03-08 15:54 - 2012-06-28 20:24 - 00000000 ____D () C:\ProgramData\firebird
==================== Files in the root of some directories =======
2011-04-27 17:58 - 2014-03-25 21:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt
2010-05-11 20:22 - 2014-06-08 21:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat
2009-08-08 21:41 - 2015-01-18 11:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-11 21:04 - 2014-05-01 22:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log
2015-03-19 22:17 - 2015-03-19 22:17 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini
2010-08-14 19:32 - 2015-03-26 22:41 - 0027934 _____ () C:\ProgramData\nvModes.001
2010-08-05 19:34 - 2015-03-18 15:10 - 0027934 _____ () C:\ProgramData\nvModes.dat
Some content of TEMP:
====================
C:\Users\Schüle\AppData\Local\Temp\avgnt.exe
C:\Users\Schüle\AppData\Local\Temp\avguidx.dll
C:\Users\Schüle\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmply363d.dll
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Schüle\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Schüle\AppData\Local\Temp\oi_{0206E94C-54DA-4383-8329-E6D830949908}.exe
C:\Users\Schüle\AppData\Local\Temp\Quarantine.exe
C:\Users\Schüle\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\sqlite3.dll
C:\Users\Schüle\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\ytb.exe
C:\Users\Schüle\AppData\Local\Temp\{FDAEB69C-C89A-407F-AEF2-707495603B7A}-21.0.1180.83_21.0.1180.79_chrome_updater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-26 22:48
==================== End Of Log ============================