emi-chan | 09.11.2014 13:57 | Hello,
thank you very much for the well-explained steps! Unfortunately I don't know that much about PCs... so here are the log files:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014
Ran by Noemi (administrator) on DESKTOP-PC on 09-11-2014 13:51:20
Running from C:\Users\Noemi.Desktop-PC\Downloads
Loaded Profile: Noemi (Available profiles: Thomas Lehr & Andrea & Jan & Noemi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\eDealPop\eDealPop.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
() C:\Windows\SysWOW64\SoftwareUtilityWiget\SoftwareUtilityWiget.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-12] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [346320 2009-08-04] (DeviceVM, Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-12-04] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DATAMNGR] => C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-10-10] (APN)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [7168 2014-09-23] ()
HKU\S-1-5-21-3210053169-4255539437-2466053138-1004\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-10-20] (Electronic Arts)
HKU\S-1-5-21-3210053169-4255539437-2466053138-1004\...\MountPoints2: {a2547331-ce59-11e1-82b7-6cf049b87b31} - F:\USBAutoRun.exe
IFEO\bitguard.exe: [Debugger]
IFEO\bprotect.exe: [Debugger]
IFEO\bpsvc.exe: [Debugger]
IFEO\browserdefender.exe: [Debugger]
IFEO\browserprotect.exe: [Debugger]
IFEO\browsersafeguard.exe: [Debugger]
IFEO\dprotectsvc.exe: [Debugger]
IFEO\jumpflip: [Debugger]
IFEO\protectedsearch.exe: [Debugger]
IFEO\searchinstaller.exe: [Debugger]
IFEO\searchprotection.exe: [Debugger]
IFEO\searchprotector.exe: [Debugger]
IFEO\searchsettings.exe: [Debugger]
IFEO\searchsettings64.exe: [Debugger]
IFEO\snapdo.exe: [Debugger]
IFEO\stinst32.exe: [Debugger]
IFEO\stinst64.exe: [Debugger]
IFEO\umbrella.exe: [Debugger]
IFEO\utiljumpflip.exe: [Debugger]
IFEO\volaro: [Debugger]
IFEO\vonteera: [Debugger]
IFEO\websteroids.exe: [Debugger]
IFEO\websteroidsservice.exe: [Debugger]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Noemi.Desktop-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Noemi.Desktop-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Noemi.Desktop-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Thomas Lehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Noemi.Desktop-PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Noemi.Desktop-PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Noemi.Desktop-PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3CEB48F60D6DCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=0170544952344659&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=120&systemid=406&v=a13251-110&apn_uid=0170544952344659&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=0170544952344659&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=120&systemid=406&v=a13251-110&apn_uid=0170544952344659&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {73F66805-1557-4f7a-8FD0-622B4E1E6D03} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {723DAFCA-167F-4c00-99A3-1B9273D8407F} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKCU - {73F66805-1557-4f7a-8FD0-622B4E1E6D03} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=120&systemid=406&v=a13251-110&apn_uid=0170544952344659&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: less2pay -> {72d6f7f0-85ba-42b8-84e8-bc320acc8f62} -> C:\ProgramData\less2pay\76QpW1a8VHw8dD.x64.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Thomas Lehr\AppData\LocalLow\IE-BHO\bho.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Search-Results Toolbar -> {503e067f-2914-4edd-8432-2d6c52635e23} -> C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Search-Results Toolbar - {503e067f-2914-4edd-8432-2d6c52635e23} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: haufereader - No CLSID Value -
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: haufereader - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Windows\system32\nspsjhp0.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Noemi.Desktop-PC\AppData\Roaming\Mozilla\Firefox\Profiles\vrg62en4.default
FF SearchEngineOrder.1: Ask.com
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=120&systemid=406&v=a11465-110&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0170544952344659&o=APN10645&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.91 -> C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Noemi.Desktop-PC\AppData\Roaming\Mozilla\Firefox\Profiles\vrg62en4.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Noemi.Desktop-PC\AppData\Roaming\Mozilla\Firefox\Profiles\vrg62en4.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Noemi.Desktop-PC\AppData\Roaming\Mozilla\Firefox\Profiles\vrg62en4.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: topdeal - C:\Users\Noemi.Desktop-PC\AppData\Roaming\Mozilla\Firefox\Profiles\vrg62en4.default\Extensions\SQ@NdRw3pxO6.edu [2014-11-08]
FF Extension: Ask New Tabs - C:\Users\Noemi.Desktop-PC\AppData\Roaming\Mozilla\Firefox\Profiles\vrg62en4.default\Extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25} [2014-04-27]
FF Extension: Cliqz Beta - C:\Users\Noemi.Desktop-PC\AppData\Roaming\Mozilla\Firefox\Profiles\vrg62en4.default\Extensions\cliqz@cliqz.com.xpi [2014-09-11]
FF Extension: Adblock Plus - C:\Users\Noemi.Desktop-PC\AppData\Roaming\Mozilla\Firefox\Profiles\vrg62en4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{79eafc6c-0630-4302-91e1-64cea491fa78}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-10-27]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Noemi.Desktop-PC\AppData\Roaming\Mozilla\Firefox\Profiles\vrg62en4.default\extensions\cliqz@cliqz.com
FF HKCU\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\Noemi.Desktop-PC\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn
FF Extension: F-Secure Search - C:\Users\Noemi.Desktop-PC\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-11-08]
FF Extension: No Name - safesearch@f-secure.com [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (getPlusPlus for Adobe 16291) - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Noemi.Desktop-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (downloaditkeep) - C:\Users\Noemi.Desktop-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmflecgbfoonbnkbbpalhelneefofjgf [2014-11-05]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Noemi.Desktop-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2014-11-07]
CHR Extension: (Skype Click to Call) - C:\Users\Noemi.Desktop-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-08]
CHR Extension: (Shoeboxed Web Clipper) - C:\Users\Noemi.Desktop-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi [2014-11-08]
CHR HKLM-x32\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx []
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Thomas Lehr\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-04-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-10] (APN LLC.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DailytoolsUpdateService; C:\Windows\SysWOW64\update1.dll [352256 2014-08-01] (Dailytools GmbH) [File not signed]
R2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3573248 2014-07-02] (Bandoo Media Inc.)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S4 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32st.exe [221864 2011-10-04] (F-Secure Corporation)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-09-01] (NOS Microsystems Ltd.)
R2 SoftwareUtilityWiget; C:\Windows\SysWOW64\SoftwareUtilityWiget\SoftwareUtilityWiget.exe [69120 2014-11-04] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2012-07-20] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-08-16] () [File not signed]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202792 2014-10-27] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-11-04] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-10-27] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42248 2013-03-06] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-10-29] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2010-10-10] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-09 13:51 - 2014-11-09 13:51 - 00029268 _____ () C:\Users\Noemi.Desktop-PC\Downloads\FRST.txt
2014-11-09 13:50 - 2014-11-09 13:51 - 00000000 ____D () C:\FRST
2014-11-09 13:50 - 2014-11-09 13:50 - 02115584 _____ (Farbar) C:\Users\Noemi.Desktop-PC\Downloads\FRST64.exe
2014-11-09 13:34 - 2014-11-09 13:34 - 00000056 _____ () C:\Windows\setupact.log
2014-11-09 13:34 - 2014-11-09 13:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-08 19:51 - 2014-11-08 19:52 - 00979610 _____ () C:\Users\Noemi.Desktop-PC\Downloads\adblock_plus-2.6.5-an+tb+fx+sm (3).xpi
2014-11-08 19:47 - 2014-11-08 19:47 - 00979610 _____ () C:\Users\Noemi.Desktop-PC\Downloads\adblock_plus-2.6.5-an+tb+fx+sm (2).xpi
2014-11-08 19:47 - 2014-11-08 19:47 - 00979610 _____ () C:\Users\Noemi.Desktop-PC\Downloads\adblock_plus-2.6.5-an+tb+fx+sm (1).xpi
2014-11-08 19:45 - 2014-11-08 19:45 - 00979610 _____ () C:\Users\Noemi.Desktop-PC\Downloads\adblock_plus-2.6.5-an+tb+fx+sm.xpi
2014-11-08 19:43 - 2014-11-08 19:43 - 00000000 __SHD () C:\Users\Noemi.Desktop-PC\AppData\Local\EmieUserList
2014-11-08 19:43 - 2014-11-08 19:43 - 00000000 __SHD () C:\Users\Noemi.Desktop-PC\AppData\Local\EmieSiteList
2014-11-08 19:17 - 2014-11-08 19:17 - 00000000 ____D () C:\Users\Noemi.Desktop-PC\AppData\Local\F-Secure
2014-11-08 19:07 - 2014-11-08 19:07 - 00000000 ____D () C:\ProgramData\374311380
2014-11-08 19:03 - 2014-11-08 19:03 - 00000000 ____D () C:\Windows\SysWOW64\SoftwareUtilityWiget
2014-11-08 19:03 - 2014-11-08 19:03 - 00000000 ____D () C:\Users\Noemi.Desktop-PC\AppData\Local\ApplicationFirmwareProgram
2014-11-08 19:03 - 2014-11-08 19:03 - 00000000 ____D () C:\Program Files (x86)\eDealPop
2014-11-08 19:01 - 2014-11-08 19:01 - 00000000 ____D () C:\Users\Noemi.Desktop-PC\AppData\Roaming\VOPackage
2014-11-08 19:01 - 2014-11-08 19:01 - 00000000 ____D () C:\Users\Noemi.Desktop-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-11-08 18:58 - 2014-11-08 18:58 - 00003582 _____ () C:\Windows\System32\Tasks\Ribble
2014-11-08 18:58 - 2014-11-08 18:58 - 00000000 ____D () C:\Users\Noemi.Desktop-PC\AppData\Roaming\Dorrible
2014-11-08 18:57 - 2014-11-08 18:57 - 02306048 _____ (Free Flash Plugins company) C:\Users\Noemi.Desktop-PC\Downloads\DownloadFileSetup_46JtE.exe
2014-11-08 18:51 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-08 18:51 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-08 18:51 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-08 18:51 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-08 18:49 - 2014-11-08 18:51 - 00004855 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-08 17:36 - 2014-11-08 17:36 - 00000000 ____D () C:\ProgramData\UltraCoupon
2014-11-08 17:35 - 2014-11-08 17:38 - 00000000 ____D () C:\ProgramData\less2pay
2014-11-08 15:48 - 2014-11-08 15:48 - 00071168 _____ () C:\Users\Noemi.Desktop-PC\Downloads\November 2014,.xls
2014-11-05 20:34 - 2014-11-08 17:36 - 00000000 ____D () C:\ProgramData\9aa0f32f3e31789a
2014-11-05 18:56 - 2014-11-08 19:00 - 00003248 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-11-05 18:56 - 2014-11-05 18:56 - 00000000 ____D () C:\Users\Thomas Lehr\Documents\Optimizer Pro
2014-11-05 18:52 - 2014-11-05 18:52 - 00000000 ____D () C:\Users\Thomas Lehr\AppData\Roaming\dlg
2014-11-05 18:48 - 2014-11-05 18:48 - 00000000 ____D () C:\Users\Thomas Lehr\AppData\Roaming\Security Systems
2014-11-05 18:46 - 2014-11-05 18:46 - 00664512 _____ () C:\Users\Thomas Lehr\Downloads\7-zip.exe
2014-11-04 18:30 - 2014-11-04 18:30 - 00000000 ____D () C:\Users\Noemi.Desktop-PC\AppData\Local\AskPartnerNetwork
2014-11-02 19:48 - 2014-11-02 19:48 - 00000097 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-11-02 19:47 - 2014-11-02 19:47 - 00000000 ____D () C:\Users\Thomas Lehr\AppData\Local\Xenocode
2014-11-02 19:47 - 2014-11-02 19:47 - 00000000 ____D () C:\Users\Thomas Lehr\AppData\Local\SanDisk
2014-11-02 19:47 - 2014-11-02 19:47 - 00000000 ____D () C:\ProgramData\SanDisk
2014-10-25 19:14 - 2014-10-25 19:14 - 00000000 ____D () C:\Users\Thomas Lehr\AppData\Local\F-Secure
2014-10-24 18:07 - 2014-10-24 18:07 - 01722914 _____ () C:\Users\Thomas Lehr\Downloads\Zeugnis1 2012.jpeg
2014-10-24 18:07 - 2014-10-24 18:07 - 01338032 _____ () C:\Users\Thomas Lehr\Downloads\Zeugnis 2003.jpeg
2014-10-24 18:07 - 2014-10-24 18:07 - 00984044 _____ () C:\Users\Thomas Lehr\Downloads\Zeugnis2 2012.jpeg
2014-10-18 17:32 - 2014-09-29 18:52 - 01722914 _____ () C:\Users\Thomas Lehr\Documents\Zeugnis1.jpeg
2014-10-18 17:32 - 2014-09-29 18:52 - 00984044 _____ () C:\Users\Thomas Lehr\Documents\Zeugnis2.jpeg
2014-10-17 17:00 - 2014-10-27 17:34 - 00000000 ____D () C:\Users\Thomas Lehr\Documents\Rökona
2014-10-16 09:38 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 09:38 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 09:38 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 09:38 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 09:38 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 09:38 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 09:38 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 09:38 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 09:38 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 09:38 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 09:38 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 09:38 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 09:38 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 09:38 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 09:38 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 09:38 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 09:38 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 09:38 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 09:38 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 09:38 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 09:38 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 09:38 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 09:38 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 09:38 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 09:38 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 09:38 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 09:38 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 09:38 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 09:38 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 09:38 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 09:38 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 09:38 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 09:38 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 09:38 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 09:38 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 09:37 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 09:37 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 09:37 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 09:37 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 09:37 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 09:37 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 09:37 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 09:37 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 09:37 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 09:37 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 09:37 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 09:37 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 09:37 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 09:37 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 09:37 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 09:37 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 09:37 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 09:37 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 09:37 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 09:37 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 09:37 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 09:37 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 09:37 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 09:37 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 09:37 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 09:37 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 09:37 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 09:37 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 09:37 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 09:37 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 09:37 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 09:35 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 09:35 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 09:34 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 09:34 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 09:34 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 09:34 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 09:34 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 09:34 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 09:34 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 09:34 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:34 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 09:34 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 09:34 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 09:34 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 09:34 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 09:34 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 09:34 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 09:34 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 09:34 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 09:34 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 09:33 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 09:33 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 18:55 - 2014-10-15 18:55 - 00000000 ____D () C:\Users\Jan\AppData\Local\PMB Files
2014-10-15 10:41 - 2014-10-15 10:41 - 00001046 _____ () C:\Users\Andrea\Downloads\inline
2014-10-14 16:52 - 2014-10-14 16:52 - 00445193 _____ () C:\Users\Noemi.Desktop-PC\Downloads\AW_ WG_ Musik Mentor.eml
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-09 13:52 - 2014-07-03 18:24 - 00000000 ____D () C:\ProgramData\Datamngr
2014-11-09 13:50 - 2009-07-14 05:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 13:50 - 2009-07-14 05:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 13:41 - 2014-09-16 14:51 - 00003252 _____ () C:\Windows\System32\Tasks\Scheduled scanning task
2014-11-09 13:41 - 2014-09-16 14:51 - 00000618 _____ () C:\Windows\Tasks\Scheduled scanning task.job
2014-11-09 13:39 - 2010-10-01 12:52 - 00000144 _____ () C:\service.log
2014-11-09 13:38 - 2010-10-01 13:02 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-11-09 13:35 - 2011-01-01 21:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 13:34 - 2011-12-25 14:33 - 00000340 _____ () C:\Windows\Tasks\RegistryBooster.job
2014-11-09 13:34 - 2010-11-03 19:31 - 00000344 _____ () C:\Windows\Tasks\WinMaximizer-Thomas Lehr-Startup.job
2014-11-09 13:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 13:33 - 2013-04-07 10:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 21:15 - 2011-01-01 21:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-08 21:15 - 2010-10-01 17:58 - 01477164 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 19:11 - 2013-05-01 10:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-08 19:10 - 2014-09-14 12:52 - 00000000 ____D () C:\Users\Noemi.Desktop-PC\AppData\Roaming\F-Secure
2014-11-08 19:08 - 2014-03-08 19:04 - 00000000 ____D () C:\ProgramData\Origin
2014-11-08 19:06 - 2014-03-08 19:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-08 18:51 - 2013-10-17 16:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-08 18:51 - 2010-10-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-08 18:43 - 2014-05-09 21:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 17:59 - 2012-07-22 09:42 - 00000000 ____D () C:\Windows\Minidump
2014-11-02 19:48 - 2009-07-14 18:58 - 00715052 _____ () C:\Windows\system32\perfh007.dat
2014-11-02 19:48 - 2009-07-14 18:58 - 00157080 _____ () C:\Windows\system32\perfc007.dat
2014-11-02 19:48 - 2009-07-14 06:13 - 01667408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 19:32 - 2013-11-20 19:56 - 00000864 _____ () C:\NSI_DriverInstall.log
2014-11-02 17:29 - 2014-08-18 08:33 - 00000000 ____D () C:\Users\Thomas Lehr\Documents\50er Thomas
2014-10-31 12:36 - 2014-01-01 13:47 - 00000000 ____D () C:\Users\Noemi.Desktop-PC\Documents\Brauchbares
2014-10-29 20:22 - 2011-12-20 14:42 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 11:40 - 2011-11-19 10:16 - 00000000 ___RD () C:\Users\Jan\Dropbox
2014-10-28 11:34 - 2011-11-19 10:14 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Dropbox
2014-10-27 19:39 - 2010-10-08 13:06 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-10-27 19:27 - 2010-10-01 13:00 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-10-27 19:23 - 2011-10-31 17:54 - 00020571 _____ () C:\Windows\prodsett_copy.ini
2014-10-27 19:18 - 2010-10-01 12:59 - 00000000 ____D () C:\ProgramData\f-secure
2014-10-27 19:17 - 2013-08-08 17:19 - 00001949 _____ () C:\Users\Public\Desktop\F-Secure.lnk
2014-10-27 19:17 - 2011-10-31 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2014-10-25 17:18 - 2011-12-26 10:16 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Skype
2014-10-25 16:01 - 2011-01-01 21:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 16:01 - 2011-01-01 21:11 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 21:51 - 2012-03-18 18:06 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TS3Client
2014-10-24 21:09 - 2010-10-19 19:24 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D5CEECC3-65A1-46EC-A9F3-8D70FFAAEED4}
2014-10-17 16:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 13:27 - 2009-07-14 05:45 - 00343272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 13:23 - 2014-04-30 23:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 20:54 - 2010-10-01 12:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 20:48 - 2013-07-14 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 20:34 - 2010-10-01 12:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 19:12 - 2013-09-17 19:29 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Guild Wars 2
2014-10-16 19:11 - 2012-09-08 18:26 - 00000000 ____D () C:\Users\Jan\Guild Wars 2
2014-10-15 19:58 - 2014-09-24 15:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-15 19:57 - 2011-12-26 10:15 - 00000000 ____D () C:\ProgramData\Skype
2014-10-15 10:40 - 2012-05-18 13:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-15 10:40 - 2012-05-07 14:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-10-15 10:40 - 2010-12-04 13:12 - 00000000 ____D () C:\Users\Thomas Lehr\AppData\Roaming\T-Mobile Internet Manager
2014-10-15 10:40 - 2010-10-16 09:35 - 00000000 ____D () C:\Users\Noemi.Desktop-PC
2014-10-15 10:40 - 2010-10-10 17:18 - 00000000 ____D () C:\Users\Andrea
2014-10-15 10:40 - 2010-10-09 09:03 - 00000000 ____D () C:\Users\Jan
2014-10-15 10:40 - 2010-10-01 12:10 - 00000000 ____D () C:\Users\Thomas Lehr
2014-10-15 10:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-15 10:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-15 10:39 - 2012-05-07 14:58 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
Files to move or delete:
====================
C:\Users\Noemi.Desktop-PC\jagex_cl_runescape_LIVE.dat
C:\Users\Noemi.Desktop-PC\random.dat
Some content of TEMP:
====================
C:\Users\Andrea\AppData\Local\Temp\tmp3C83.exe
C:\Users\Andrea\AppData\Local\Temp\tmp7ABD.exe
C:\Users\Andrea\AppData\Local\Temp\tmp801D.exe
C:\Users\Andrea\AppData\Local\Temp\tmp89F8.exe
C:\Users\Andrea\AppData\Local\Temp\tmp8BBF.exe
C:\Users\Andrea\AppData\Local\Temp\tmpACF4.exe
C:\Users\Andrea\AppData\Local\Temp\tmpC6C8.exe
C:\Users\Jan\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Jan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy3lrxa.dll
C:\Users\Jan\AppData\Local\Temp\EBU6A38.EXE
C:\Users\Jan\AppData\Local\Temp\EBU6D53.DLL
C:\Users\Jan\AppData\Local\Temp\FileSystemView.dll
C:\Users\Jan\AppData\Local\Temp\Gw2.exe
C:\Users\Jan\AppData\Local\Temp\ICReinstall_ZipSetup.exe
C:\Users\Jan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Jan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jan\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Jan\AppData\Local\Temp\tmp92B0.exe
C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\Delta.exe
C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\DeltaTB.exe
C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\Gw2.exe
C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\WSSetup.exe
C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\_is1FE6.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 19:55
==================== End Of Log ============================
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014
Ran by Noemi at 2014-11-09 13:53:13
Running from C:\Users\Noemi.Desktop-PC\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Antivirus (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Antivirus (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Abenteuer auf dem Reiterhof - Die wilden Mustangs (HKLM-x32\...\{F715F7A4-67BA-11DD-93EF-B74D56D89593}) (Version: 1.00.0000 - Phoenix Interactive)
Abenteuer auf dem Reiterhof 6 (HKLM-x32\...\{EEE76149-DC7F-4D3E-B021-6152DF574FA6}) (Version: 1.00 - UBISOFT)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.00 - Sunflowers)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C1200}) (Version: 12.18.0.91 - APN, LLC) <==== ATTENTION
Best Friends - Mein Pferd SE (Nur Entfernen) (HKLM-x32\...\Best Friends - Mein Pferd SE) (Version: - )
Bing Bar (HKLM-x32\...\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}) (Version: 7.0.822.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CASSY*Lab*2 (HKLM-x32\...\{9D282129-8D32-48D5-A76C-66D70E67A2FA}) (Version: 2.16.5092 - LD DIDACTIC GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Computer Security 14.115.100.0 (release) (x32 Version: 14.115.100.0 - F-Secure Corporation) Hidden
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
eDeals version 1.0 (HKLM-x32\...\eDeals_is1) (Version: 1.0 - eDeals)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - )
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Launch pad (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.15.358.0 - F-Secure Corporation)
F-Secure Launch pad (x32 Version: 2.15.358.0 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.141 (x32 Version: 1.02.141 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Geograficus (HKLM-x32\...\{45837193-03FA-47D5-B7C8-A8C05383D5DA}) (Version: 1.00.0000 - BrainGame Publishing GmbH)
Germany's next Topmodel 2011 (HKLM-x32\...\Germany's next Topmodel 2011) (Version: 1.0.0.1 - Sevengames)
GMX Toolbar MSVC100 CRT x64 (Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
GMX Toolbar MSVC100 CRT x86 (x32 Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{4422D20B-F530-4E65-8504-31396C9BC066}) (Version: 3.0.3196 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Handset WinDriver 1.02.02.00 (HKLM-x32\...\Handset WinDriver) (Version: 1.02.02.00 - Huawei technologies Co., Ltd.)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe)
iLivid (HKLM-x32\...\iLivid) (Version: 4.0.0.2834 - Bandoo Media Inc) <==== ATTENTION
iMesh (HKLM-x32\...\iMesh) (Version: 12.0.0.132217 - iMesh Inc.) <==== ATTENTION
iMesh (x32 Version: 12.0.0.132217 - iMesh Inc.) Hidden <==== ATTENTION
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
less2pay (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version: - "") <==== ATTENTION
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
Mathica (HKLM-x32\...\{511C626A-66BB-4E4D-8A23-5E8D52B8FA32}) (Version: 1.00.0000 - BrainGame Publishing GmbH)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Safety 2.115.2783.1598 (x32 Version: 2.115.2783.1598 - F-Secure Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pirates of the Caribbean (HKLM-x32\...\{C388D147-CCBA-411C-B9FC-2CC1B4EFB240}) (Version: - )
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Ribble (HKCU\...\Ribble) (Version: 1.3.4.0 - Dorrible)
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Search-Results Toolbar (HKLM-x32\...\imeshtoolbar) (Version: 1.2.0.0 - APN LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version: - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.05 - Kalypso) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.0 - Activision)
Steuer 2010 (HKLM-x32\...\{4B526075-AF27-47A2-860D-3DA92928A051}) (Version: 17.07.00.0001 - Haufe-Lexware GmbH & Co.KG)
Steuer-Hilfesammlung 2010 (HKLM-x32\...\{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG)
Stronghold 2 (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.00 - Firefly Studios)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
T-Mobile Internet Manager (HKLM-x32\...\T-Mobile Internet Manager) (Version: 11.301.05.00.108 - Huawei Technologies Co.,Ltd)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - UltraCoupon) <==== ATTENTION
Uniblue RegistryBooster (HKLM-x32\...\Uniblue RegistryBooster) (Version: 6.0.10.7 - Uniblue Systems Ltd)
Unlockmaster 3 (HKLM-x32\...\Unlockmaster 3) (Version: 3.0.0.0 - MAGIX AG)
Wendy (HKLM-x32\...\{1B4E3046-4982-4436-8B6F-2EE4F63326C9}) (Version: 1.0.0 - Astragon)
XMedia Recode Version 3.1.9.3 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.3 - XMedia Recode)
ZDFtivi_keksschoner Screen Saver (HKLM-x32\...\ZDFtivi_keksschoner) (Version: - )
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
16-10-2014 19:33:04 Windows Update
24-10-2014 11:41:07 Geplanter Prüfpunkt
01-11-2014 16:35:21 Geplanter Prüfpunkt
08-11-2014 17:48:17 Installed Java 7 Update 71
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02FD598F-F1BF-4D2E-AB3E-4CB2EB19D8D2} - System32\Tasks\Ribble => C:\Users\Noemi.Desktop-PC\AppData\Roaming\Dorrible\Ribble\d.exe
Task: {08F7C960-F135-41C8-B276-B7C2839A7236} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsav.exe [2014-06-24] (F-Secure Corporation)
Task: {134D3B78-2C0B-493C-A8EA-123883BB4729} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {433F098C-DABB-46F4-A797-8362E2AFECCF} - System32\Tasks\{9C3CE2BD-241E-4D6E-844C-0667D54AC7BE} => D:\start.exe
Task: {4B79259E-2E86-4FB1-B66C-34F3F366D42F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {73BC2317-34A0-43BF-89AB-7D271FE889CF} - System32\Tasks\RegistryBooster => C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-11-07] (Uniblue Systems Limited)
Task: {7DB88396-1244-4187-BD60-50F36A8FF4B0} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {A780B369-65D0-4757-BC7B-F64D5C901B02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {BEA16120-7A76-4D16-BFFC-F781F75854B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {C92334EA-E2AA-4E41-8DAB-770B56107812} - System32\Tasks\{01CD8784-34C3-47D1-BF38-D7A6B4A10E81} => D:\start.exe
Task: {E64544DF-4BFA-4FAC-81BD-631A7068F98D} - System32\Tasks\WinMaximizer-Thomas Lehr-Startup => C:\Program Files (x86)\WinMaximizer\WinMaximizer.exe
Task: {F655C08B-B83E-4B7D-8E6B-E2081D71BF95} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Kalypso\Sins of a Solar Empire\SINS_Launcher.exe [2008-05-08] (Stardock Entertainment, Inc.)
Task: {F69C7ADD-9E1E-4057-829F-BF026DCBF0C7} - System32\Tasks\{6A53D16F-7729-4DEA-96A7-367DB2E588CA} => D:\start.exe
Task: {F99EBE98-6079-43D3-8BF8-5493272DAB24} - System32\Tasks\{AD89D790-9164-47F6-B406-17676EABB379} => D:\start.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegistryBooster.job => C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\F-Secure\apps\COMPUT~1\ANTI-V~1\fsav.exe
Task: C:\Windows\Tasks\WinMaximizer-Thomas Lehr-Startup.job => C:\Program Files (x86)\WinMaximizer\WinMaximizer.exe
==================== Loaded Modules (whitelisted) =============
2014-07-03 18:25 - 2014-07-02 10:55 - 00665088 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
2014-11-08 19:03 - 2014-09-23 11:52 - 00007168 _____ () C:\Program Files (x86)\eDealPop\eDealPop.exe
2010-10-01 12:52 - 2009-08-24 13:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2012-12-19 15:32 - 2012-12-19 15:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-08 19:03 - 2014-11-04 12:22 - 00069120 _____ () C:\Windows\SysWOW64\SoftwareUtilityWiget\SoftwareUtilityWiget.exe
2014-07-03 18:25 - 2014-07-02 10:55 - 00022528 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Noemi.Desktop-PC\Downloads\AW_ WG_ Musik Mentor.eml:OECustomProperty
AlternateDataStreams: C:\Users\Thomas Lehr\Documents\Zeugnis1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Thomas Lehr\Documents\Zeugnis1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Thomas Lehr\Documents\Zeugnis2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Thomas Lehr\Documents\Zeugnis2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3210053169-4255539437-2466053138-500 - Administrator - Disabled)
Andrea (S-1-5-21-3210053169-4255539437-2466053138-1001 - Limited - Enabled) => C:\Users\Andrea
Gast (S-1-5-21-3210053169-4255539437-2466053138-501 - Limited - Disabled)
Jan (S-1-5-21-3210053169-4255539437-2466053138-1002 - Administrator - Enabled) => C:\Users\Jan
Noemi (S-1-5-21-3210053169-4255539437-2466053138-1004 - Administrator - Enabled) => C:\Users\Noemi.Desktop-PC
Thomas Lehr (S-1-5-21-3210053169-4255539437-2466053138-1000 - Administrator - Enabled) => C:\Users\Thomas Lehr
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/09/2014 01:53:21 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 2 2014-11-09 13:53:21+02:00 DESKTOP-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4
Error: (11/09/2014 01:43:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17344, Zeitstempel: 0x541b6f63
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x8cc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (11/09/2014 01:41:32 PM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: )
Description: 1 2014-11-09 13:41:31+02:00 DESKTOP-PC DESKTOP-PC\Noemi F-Secure Management Agent
F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products.
Error: (11/08/2014 07:07:56 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 11 2014-11-08 19:07:56+02:00 DESKTOP-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\program files (x86)\optimizer pro\optprouninstaller.exe
File hash: ff31cb2370f5332ea8dff1c8a6985752c461f58c
Error: (11/08/2014 07:03:31 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 10 2014-11-08 19:03:31+02:00 DESKTOP-PC Desktop-PC\Noemi F-Secure Anti-Virus
Malicious code found in file C:\Users\Noemi.Desktop-PC\AppData\Local\ApplicationFirmwareProgram\is-93FM1.tmp.
Infection: Suspicious:W32/Malware.f7c1574eed!Online
Action: The file was deleted.
Error: (11/08/2014 07:03:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 9 2014-11-08 19:03:24+02:00 DESKTOP-PC Desktop-PC\Noemi F-Secure Anti-Virus
Malicious code found in file C:\Users\Noemi.Desktop-PC\AppData\Local\ApplicationFirmwareProgram\is-H6BG5.tmp.
Infection: Suspicious:W32/Malware.f7c1574eed!Online
Action: The file was deleted.
Error: (11/08/2014 07:02:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 8 2014-11-08 19:02:51+02:00 DESKTOP-PC Desktop-PC\Noemi F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Dropped:Adware.Generic.1040504
Object: C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\web1optimizer_Setup.exe
Error: (11/08/2014 07:01:24 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 7 2014-11-08 19:01:24+02:00 DESKTOP-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\noemi.desktop-pc\appdata\roaming\vopackage\vopackage.exe
File hash: 920f7272766213891fed4de3e1d23277f59bfc3b
Error: (11/08/2014 07:01:24 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 6 2014-11-08 19:01:24+02:00 DESKTOP-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\noemi.desktop-pc\appdata\roaming\vopackage\vopackage.exe
File hash: 920f7272766213891fed4de3e1d23277f59bfc3b
Error: (11/08/2014 07:01:12 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 5 2014-11-08 19:01:11+02:00 DESKTOP-PC Desktop-PC\Noemi F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Adware.Generic.1040705
Object: C:\Users\Noemi.Desktop-PC\AppData\Roaming\Dorrible\Ribble\d.exe
System errors:
=============
Error: (11/09/2014 01:38:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (11/08/2014 07:24:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (11/08/2014 03:39:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (11/07/2014 03:33:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (11/07/2014 03:33:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht.
Error: (11/07/2014 03:33:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (11/05/2014 06:27:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
Error: (11/05/2014 05:59:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (11/05/2014 05:59:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht.
Error: (11/05/2014 05:59:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Microsoft Office Sessions:
=========================
Error: (11/09/2014 01:53:21 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 2 2014-11-09 13:53:21+02:00 DESKTOP-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4
Error: (11/09/2014 01:43:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7538cc01cffc1ab01d4986C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllf2a6c415-680d-11e4-b175-6cf049b87b31
Error: (11/09/2014 01:41:32 PM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: )
Description: 1 2014-11-09 13:41:31+02:00 DESKTOP-PC DESKTOP-PC\Noemi F-Secure Management Agent
F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products.
Error: (11/08/2014 07:07:56 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 11 2014-11-08 19:07:56+02:00 DESKTOP-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\program files (x86)\optimizer pro\optprouninstaller.exe
File hash: ff31cb2370f5332ea8dff1c8a6985752c461f58c
Error: (11/08/2014 07:03:31 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 10 2014-11-08 19:03:31+02:00 DESKTOP-PC Desktop-PC\Noemi F-Secure Anti-Virus
Malicious code found in file C:\Users\Noemi.Desktop-PC\AppData\Local\ApplicationFirmwareProgram\is-93FM1.tmp.
Infection: Suspicious:W32/Malware.f7c1574eed!Online
Action: The file was deleted.
Error: (11/08/2014 07:03:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 9 2014-11-08 19:03:24+02:00 DESKTOP-PC Desktop-PC\Noemi F-Secure Anti-Virus
Malicious code found in file C:\Users\Noemi.Desktop-PC\AppData\Local\ApplicationFirmwareProgram\is-H6BG5.tmp.
Infection: Suspicious:W32/Malware.f7c1574eed!Online
Action: The file was deleted.
Error: (11/08/2014 07:02:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 8 2014-11-08 19:02:51+02:00 DESKTOP-PC Desktop-PC\Noemi F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Dropped:Adware.Generic.1040504
Object: C:\Users\Noemi.Desktop-PC\AppData\Local\Temp\web1optimizer_Setup.exe
Error: (11/08/2014 07:01:24 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 7 2014-11-08 19:01:24+02:00 DESKTOP-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\noemi.desktop-pc\appdata\roaming\vopackage\vopackage.exe
File hash: 920f7272766213891fed4de3e1d23277f59bfc3b
Error: (11/08/2014 07:01:24 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 6 2014-11-08 19:01:24+02:00 DESKTOP-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\noemi.desktop-pc\appdata\roaming\vopackage\vopackage.exe
File hash: 920f7272766213891fed4de3e1d23277f59bfc3b
Error: (11/08/2014 07:01:12 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 5 2014-11-08 19:01:11+02:00 DESKTOP-PC Desktop-PC\Noemi F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Adware.Generic.1040705
Object: C:\Users\Noemi.Desktop-PC\AppData\Roaming\Dorrible\Ribble\d.exe
CodeIntegrity Errors:
===================================
Date: 2014-11-09 13:38:41.133
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-09 13:38:40.525
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-08 15:39:46.632
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-08 15:39:46.008
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-07 15:33:04.020
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-07 15:33:03.099
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-05 17:59:05.371
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-05 17:59:04.778
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-04 18:23:29.528
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-04 18:23:28.935
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X3 445 Processor
Percentage of memory in use: 36%
Total physical RAM: 4092.16 MB
Available physical RAM: 2584.63 MB
Total Pagefile: 8182.49 MB
Available Pagefile: 6192.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:465.66 GB) (Free:242.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 597943FD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
I hope I did everything right! Thanks in advance for your help!