Log analysis and evaluation: BetterMarkit cannot be removed

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

09.01.2015, 19:22   #1
Smithwicks
 
Hello,
unfortunately I only became aware of this forum very late. I have had malware on my computer for about a week and cannot get rid of it.
First I ran Malwarebytes Premium over it, which did find something; after a restart there were still advertising pop-ups and misdirected redirects (on right-click in the browser). Affected are Chrome (my favourite browser) and Mozilla (which I have already uninstalled).

Since then I have taken various steps but did not keep any log files. By now, AV and anti-malware tools of every kind no longer find anything either, and yet the junk is still on there. I could keep working with IE and CometBird, neither of which seems to be affected, but I also don't know what else is "phoning home".

After working through the tutorial "Better Markit Virus entfernen" several times without success, I am now at my wits' end and need help. I would like to spare myself a reinstallation.

I can attach the following log files from just now:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:32 on 09/01/2015 (vladimir)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by vladimir (administrator) on VLADIMIR-PC on 09-01-2015 18:36:28
Running from C:\Users\vladimir\Desktop
Loaded Profile: vladimir (Available profiles: vladimir & Familie Jost)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) D:\StarMoney\ouservice\StarMoneyOnlineUpdate.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(CometNetwork) C:\Program Files (x86)\CometBird\cometbird.exe
(Mozilla Corporation) C:\Program Files (x86)\CometBird\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Users\vladimir\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [] => [X]
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\MountPoints2: {73d28201-e002-11e2-9a50-001d7d087eb6} - N:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} =>  No File
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\DVD Programme\Videolan\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\DVD Programme\Videolan\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3746786549-4074655040-3157731495-1001: @tools.google.com/Google Update;version=3 -> C:\Users\vladimir\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3746786549-4074655040-3157731495-1001: @tools.google.com/Google Update;version=9 -> C:\Users\vladimir\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-09]
CHR Extension: (Google Docs) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-09]
CHR Extension: (Google Drive) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-09]
CHR Extension: (YouTube) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-09]
CHR Extension: (Google-Suche) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-09]
CHR Extension: (Google Tabellen) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-09]
CHR Extension: (Google Wallet) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09]
CHR Extension: (Google Mail) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [12907520 2013-02-01] () [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware) [File not signed]
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
R2 StarMoney 9.0 OnlineUpdate; D:\StarMoney\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-04-04] (GEAR Software Inc.)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-08] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 18:36 - 2015-01-09 18:42 - 00019123 _____ () C:\Users\vladimir\Desktop\FRST.txt
2015-01-09 18:34 - 2015-01-09 18:36 - 00000000 ____D () C:\FRST
2015-01-09 18:33 - 2015-01-09 18:33 - 02124288 _____ (Farbar) C:\Users\vladimir\Desktop\FRST64.exe
2015-01-09 18:32 - 2015-01-09 18:32 - 00000478 _____ () C:\Users\vladimir\Desktop\defogger_disable.log
2015-01-09 18:32 - 2015-01-09 18:32 - 00000000 _____ () C:\Users\vladimir\defogger_reenable
2015-01-09 18:30 - 2015-01-09 18:30 - 00050477 _____ () C:\Users\vladimir\Desktop\Defogger.exe
2015-01-09 07:17 - 2015-01-09 07:17 - 00259584 _____ (OldTimer Tools) C:\Users\vladimir\Desktop\OTH.scr
2015-01-09 07:14 - 2015-01-09 07:15 - 02953520 _____ (AVAST Software) C:\Users\vladimir\Desktop\avast-browser-cleanup_9.0.0.224.exe
2015-01-09 06:55 - 2015-01-09 06:55 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-09 06:55 - 2015-01-09 06:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-09 06:06 - 2015-01-09 06:06 - 00000000 ____D () C:\Users\vladimir\AppData\Local\CrashDumps
2015-01-09 00:05 - 2015-01-09 00:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK
2015-01-09 00:04 - 2015-01-09 00:04 - 00000000 ____D () C:\Program Files\Windows Imaging
2015-01-09 00:04 - 2015-01-09 00:04 - 00000000 ____D () C:\Program Files\Windows AIK
2015-01-08 23:20 - 2015-01-08 23:51 - 1706256384 _____ () C:\Users\vladimir\Desktop\KB3AIK_DE.iso
2015-01-08 23:01 - 2015-01-08 23:01 - 00000000 ____D () C:\Users\vladimir\AppData\Local\TeamViewer
2015-01-08 23:00 - 2015-01-08 23:00 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\ESET
2015-01-08 23:00 - 2015-01-08 23:00 - 00000000 ____D () C:\Users\vladimir\AppData\Local\ESET
2015-01-08 23:00 - 2015-01-08 23:00 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\ESET
2015-01-08 23:00 - 2015-01-08 23:00 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\ESET
2015-01-08 22:57 - 2015-01-08 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-08 22:57 - 2015-01-08 22:57 - 00000000 ____D () C:\ProgramData\ESET
2015-01-08 22:57 - 2015-01-08 22:57 - 00000000 ____D () C:\Program Files\ESET
2015-01-08 22:45 - 2015-01-09 06:51 - 00000000 ____D () C:\Windows\system32\log
2015-01-08 22:06 - 2015-01-08 22:06 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-08 22:06 - 2015-01-08 22:06 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-08 22:04 - 2015-01-08 22:19 - 01660616 _____ (ESET) C:\Users\vladimir\Desktop\eset_smart_security_live_installer_.exe
2015-01-08 19:46 - 2015-01-08 19:50 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\Microsoft Games
2015-01-08 19:14 - 2015-01-08 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 19:12 - 2015-01-08 19:44 - 00000000 ____D () C:\Users\Familie Jost\Desktop\mbar
2015-01-08 19:12 - 2015-01-08 19:12 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Familie Jost\Downloads\mbar-1.08.2.1001.exe
2015-01-08 19:11 - 2015-01-08 19:11 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\Macromedia
2015-01-08 19:11 - 2015-01-08 19:11 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\Macromedia
2015-01-08 19:10 - 2015-01-08 19:10 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\Mozilla
2015-01-08 19:10 - 2015-01-08 19:10 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\CometNetwork
2015-01-08 19:10 - 2015-01-08 19:10 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\CometNetwork
2015-01-08 19:07 - 2015-01-08 19:07 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\Google
2015-01-08 19:06 - 2015-01-08 19:06 - 00880784 _____ (Google Inc.) C:\Users\Familie Jost\Desktop\ChromeSetup.exe
2015-01-08 19:05 - 2015-01-08 19:05 - 00000000 __SHD () C:\Users\Familie Jost\AppData\Local\EmieUserList
2015-01-08 19:05 - 2015-01-08 19:05 - 00000000 __SHD () C:\Users\Familie Jost\AppData\Local\EmieSiteList
2015-01-08 19:05 - 2015-01-08 19:05 - 00000000 __SHD () C:\Users\Familie Jost\AppData\Local\EmieBrowserModeList
2015-01-08 19:05 - 2015-01-08 19:05 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\NVIDIA Corporation
2015-01-08 19:04 - 2015-01-08 22:45 - 00115168 _____ () C:\Users\Familie Jost\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 19:04 - 2015-01-08 19:04 - 00001425 _____ () C:\Users\Familie Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 19:04 - 2015-01-08 19:04 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\Adobe
2015-01-08 19:04 - 2015-01-08 19:04 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\NVIDIA
2015-01-08 19:03 - 2015-01-08 19:03 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\VirtualStore
2015-01-08 19:02 - 2015-01-08 19:03 - 00000000 ____D () C:\Users\Familie Jost
2015-01-08 19:02 - 2015-01-08 19:02 - 00000020 ___SH () C:\Users\Familie Jost\ntuser.ini
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Vorlagen
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Startmenü
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Netzwerkumgebung
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Lokale Einstellungen
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Eigene Dateien
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Druckumgebung
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Documents\Eigene Musik
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Documents\Eigene Bilder
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\AppData\Local\Verlauf
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\AppData\Local\Anwendungsdaten
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Anwendungsdaten
2015-01-08 19:02 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Familie Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-08 19:02 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Familie Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-08 17:18 - 2015-01-08 18:19 - 00000000 ____D () C:\Users\vladimir\Desktop\Windows
2015-01-08 17:04 - 2015-01-08 17:04 - 00001788 _____ () C:\Windows\system32\.crusader
2015-01-08 16:50 - 2015-01-08 17:07 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-08 16:49 - 2015-01-08 17:04 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-07 17:24 - 2015-01-08 05:46 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-07 17:24 - 2015-01-07 17:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-07 17:23 - 2015-01-07 17:24 - 18423384 _____ () C:\Users\vladimir\Desktop\RogueKillerX64.exe
2015-01-07 17:17 - 2015-01-08 05:44 - 00001808 _____ () C:\sc-cleaner.txt
2015-01-07 17:17 - 2015-01-07 17:17 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vladimir\Desktop\sc-cleaner.exe
2015-01-07 06:48 - 2015-01-07 06:48 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Mozilla
2015-01-07 06:43 - 2015-01-09 06:55 - 00000000 ____D () C:\Users\vladimir\AppData\Local\Google
2015-01-06 22:44 - 2015-01-06 22:52 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron
2015-01-06 22:23 - 2015-01-09 06:52 - 00004052 _____ () C:\Windows\PFRO.log
2015-01-06 21:59 - 2015-01-09 06:53 - 00003545 _____ () C:\Windows\setupact.log
2015-01-06 21:59 - 2015-01-06 21:59 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-06 20:39 - 2015-01-09 06:55 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-06 11:04 - 2015-01-06 10:48 - 00880784 _____ (Google Inc.) C:\Users\vladimir\Desktop\ChromeSetup.exe
2015-01-06 01:24 - 2015-01-06 01:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-06 00:56 - 2015-01-06 00:56 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\DropboxMaster
2015-01-06 00:55 - 2015-01-06 00:56 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-05 23:25 - 2015-01-05 23:25 - 00000000 ____D () C:\Windows\ERUNT
2015-01-05 23:22 - 2015-01-05 23:23 - 01707939 _____ (Thisisu) C:\Users\vladimir\Desktop\JRT.exe
2015-01-05 23:15 - 2015-01-05 23:15 - 00000000 __SHD () C:\Users\vladimir\AppData\Local\EmieBrowserModeList
2015-01-05 23:03 - 2015-01-09 06:51 - 00000000 ____D () C:\AdwCleaner
2015-01-05 23:02 - 2015-01-05 23:02 - 02173952 _____ () C:\Users\vladimir\Desktop\adwcleaner_4.106.exe
2015-01-05 21:24 - 2015-01-05 21:24 - 00004648 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-05 21:24 - 2015-01-05 21:24 - 00002480 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-05 21:24 - 2015-01-05 21:24 - 00002480 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-05 21:24 - 2015-01-05 21:24 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\LavasoftStatistics
2015-01-05 21:24 - 2015-01-05 21:24 - 00000000 ____D () C:\Users\vladimir\AppData\Local\Lavasoft
2015-01-05 21:24 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-05 21:24 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-05 21:23 - 2015-01-09 06:54 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-05 21:23 - 2015-01-05 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-05 21:23 - 2015-01-05 21:23 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-05 21:22 - 2015-01-05 21:22 - 00000000 ____D () C:\Program Files\Lavasoft
2015-01-05 21:21 - 2015-01-05 21:23 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Lavasoft
2015-01-05 21:21 - 2015-01-05 21:21 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-01-05 21:20 - 2015-01-05 21:23 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-05 21:16 - 2015-01-05 21:16 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-01-05 21:14 - 2015-01-05 23:15 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2015-01-05 20:59 - 2015-01-05 20:59 - 00000000 _____ () C:\autoexec.bat
2015-01-05 20:56 - 2015-01-05 20:56 - 00000115 _____ () C:\Users\vladimir\Desktop\Chrome 3.url
2015-01-05 20:56 - 2015-01-05 20:56 - 00000109 _____ () C:\Users\vladimir\Desktop\Chrome 4.url
2015-01-05 20:55 - 2015-01-05 20:55 - 00000200 _____ () C:\Users\vladimir\Desktop\Chrome2.url
2015-01-05 20:54 - 2015-01-05 20:55 - 00000137 _____ () C:\Users\vladimir\Desktop\chrome1.url
2015-01-05 14:03 - 2015-01-05 14:03 - 00000000 ____D () C:\Users\vladimir\Desktop\Film2
2015-01-05 11:00 - 2015-01-05 11:00 - 00000000 ____D () C:\Users\vladimir\Desktop\Film1
2015-01-05 02:20 - 2015-01-05 02:20 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\22543
2015-01-04 21:42 - 2015-01-04 21:42 - 00002351 _____ () C:\Windows\patsearch.bin
2015-01-04 21:17 - 2015-01-04 21:17 - 00000000 ____D () C:\Users\vladimir\Documents\Blu-ray Converter Ultimate
2015-01-04 20:18 - 2015-01-04 20:18 - 00000000 ____D () C:\Users\vladimir\Documents\AnyDVDHD
2015-01-04 20:17 - 2015-01-05 02:20 - 00000040 ___SH () C:\ProgramData\.zreglib
2015-01-04 20:15 - 2015-01-06 21:31 - 00000000 ____D () C:\ProgramData\Elaborate Bytes
2015-01-04 20:15 - 2015-01-06 21:31 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2015-01-04 20:15 - 2015-01-06 21:30 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2015-01-04 20:15 - 2015-01-04 20:15 - 00000000 ____D () C:\ProgramData\SlySoft
2015-01-04 20:14 - 2015-01-04 20:14 - 00000000 ____D () C:\Users\vladimir\Documents\DVDFab9
2015-01-04 20:07 - 2015-01-04 20:07 - 00000000 ___HD () C:\ProgramData\vid
2015-01-04 20:07 - 2015-01-04 20:07 - 00000000 ___HD () C:\ProgramData\tks
2015-01-04 20:06 - 2015-01-04 20:19 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\log
2015-01-04 20:06 - 2015-01-04 20:06 - 00000000 ____D () C:\Users\vladimir\Documents\BDCopy
2015-01-01 21:36 - 2015-01-04 22:59 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\.ACEStream
2015-01-01 21:35 - 2015-01-04 22:59 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\ACEStream
2014-12-28 15:53 - 2014-12-28 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-12-28 13:14 - 2015-01-09 18:36 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001UA.job
2014-12-28 13:14 - 2015-01-09 13:36 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001Core.job
2014-12-28 13:14 - 2014-12-28 13:31 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001UA
2014-12-28 13:14 - 2014-12-28 13:31 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001Core
2014-12-26 13:17 - 2014-12-26 13:17 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 12:25 - 2014-12-27 19:37 - 00000000 ____D () C:\Program Files\Recuva
2014-12-26 11:49 - 2014-12-26 11:49 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\asoftech
2014-12-26 11:49 - 2014-12-26 11:49 - 00000000 ____D () C:\Program Files (x86)\Asoftech
2014-12-26 11:26 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-12-23 23:12 - 2014-12-13 01:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-23 23:08 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 23:08 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 23:08 - 2014-10-09 18:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-23 23:08 - 2014-10-09 18:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-23 23:08 - 2014-10-09 08:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-18 08:24 - 2015-01-06 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 01:27 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 01:27 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 09:02 - 2014-12-17 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-12-16 21:01 - 2014-12-13 01:12 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-16 21:01 - 2014-12-13 01:12 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-16 21:01 - 2014-12-13 01:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-16 21:01 - 2014-12-13 01:12 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-16 20:59 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-16 20:59 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-13 17:30 - 2014-12-18 21:31 - 00000000 ____D () C:\Users\vladimir\AppData\Local\Spotify
2014-12-13 17:30 - 2014-12-13 17:30 - 00001823 _____ () C:\Users\vladimir\Desktop\Spotify.lnk
2014-12-13 17:29 - 2014-12-18 23:35 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Spotify
2014-12-11 03:02 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:02 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 01:36 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 01:36 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 01:36 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 01:36 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 01:36 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 01:36 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 01:36 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 01:36 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 01:36 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 01:36 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 01:36 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 01:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 01:36 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 01:36 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 01:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 01:36 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 01:36 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 01:36 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 01:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 01:36 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 01:36 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 01:36 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 01:36 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 01:36 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 01:36 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 01:36 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 01:36 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 01:36 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 01:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 01:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 01:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 01:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 01:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 01:36 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 01:36 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 01:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 01:36 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 01:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 01:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 01:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 01:36 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 01:36 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 01:36 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 01:35 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 01:35 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 01:35 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 01:35 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 01:35 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 01:35 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 01:35 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 01:35 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 01:35 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 01:35 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 01:35 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 01:35 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 01:35 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 01:35 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 01:35 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 01:35 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 01:35 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 01:35 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 01:35 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 01:35 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 01:35 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 01:35 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 01:35 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 01:35 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 01:35 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 01:35 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 01:35 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 01:35 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 18:32 - 2013-04-29 22:52 - 00000000 ____D () C:\Users\vladimir
2015-01-09 18:20 - 2014-05-14 10:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 18:00 - 2013-05-03 09:43 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 16:53 - 2014-06-20 21:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 07:01 - 2013-04-29 22:45 - 01562283 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 07:01 - 2009-07-14 05:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 07:01 - 2009-07-14 05:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 07:00 - 2013-05-03 09:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 06:55 - 2013-05-03 09:43 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-09 06:55 - 2013-05-03 09:43 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-09 06:53 - 2013-04-29 23:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-09 06:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 06:34 - 2009-07-14 05:45 - 00442616 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-09 06:30 - 2013-05-02 14:35 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-08 22:43 - 2013-04-29 23:50 - 00115168 _____ () C:\Users\vladimir\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 22:07 - 2013-05-06 10:28 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-08 22:06 - 2013-05-06 10:31 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\TeamViewer
2015-01-08 20:34 - 2013-05-02 14:47 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\vlc
2015-01-08 20:31 - 2014-10-25 23:12 - 00000000 ____D () C:\Users\vladimir\Desktop\Videobearbeitung
2015-01-07 05:55 - 2013-10-05 11:45 - 00000000 ____D () C:\Users\vladimir\AppData\Local\Downloaded Installations
2015-01-06 22:10 - 2014-07-04 04:41 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\DVDVideoSoft
2015-01-06 21:56 - 2013-09-16 16:32 - 00000000 ____D () C:\ProgramData\VSO
2015-01-06 21:30 - 2013-09-16 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-01-06 21:30 - 2013-09-16 16:32 - 00000000 ____D () C:\Program Files (x86)\VSO
2015-01-06 21:11 - 2013-09-16 16:32 - 00099384 _____ () C:\Users\vladimir\AppData\Roaming\inst.exe
2015-01-06 21:11 - 2013-09-16 16:32 - 00082816 _____ (VSO Software) C:\Users\vladimir\AppData\Roaming\pcouffin.sys
2015-01-06 21:11 - 2013-09-16 16:32 - 00007859 _____ () C:\Users\vladimir\AppData\Roaming\pcouffin.cat
2015-01-06 21:11 - 2013-09-16 16:32 - 00000055 _____ () C:\Users\vladimir\AppData\Roaming\pcouffin.log
2015-01-06 21:11 - 2013-09-16 15:33 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Vso
2015-01-06 18:56 - 2013-05-03 09:42 - 00000000 ____D () C:\Program Files (x86)\Googlex
2015-01-06 17:02 - 2013-09-16 15:34 - 00000000 ____D () C:\Users\vladimir\Documents\ConvertXToDVD
2015-01-06 15:48 - 2014-04-10 07:39 - 00000000 ____D () C:\Program Files (x86)\4Videosoft Studio
2015-01-06 15:48 - 2013-04-29 23:51 - 00000000 ____D () C:\Program Files (x86)\SIW
2015-01-06 01:34 - 2014-06-20 21:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-06 01:34 - 2014-06-20 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-06 01:34 - 2014-06-20 21:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-06 00:54 - 2014-06-21 19:41 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Dropbox
2015-01-06 00:41 - 2014-06-21 19:45 - 00000000 ___RD () C:\Users\vladimir\Dropbox
2015-01-06 00:38 - 2014-10-26 16:10 - 00000000 ____D () C:\Users\vladimir\Desktop\E-Book Folder
2015-01-05 20:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-05 19:16 - 2013-04-29 23:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-05 15:21 - 2009-07-14 19:18 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-01-05 15:14 - 2014-11-01 22:04 - 00134913 _____ () C:\Users\vladimir\Desktop\Monatsübersicht Ausgaben Haushalt.xlsx
2015-01-05 07:46 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-05 01:44 - 2014-03-01 15:42 - 00000000 ____D () C:\Windows\pss
2015-01-04 23:05 - 2014-01-27 10:39 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\concept design
2015-01-03 17:52 - 2013-05-03 09:20 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\dvdcss
2015-01-02 20:23 - 2013-10-08 17:28 - 00000075 _____ () C:\Users\vladimir\AppData\default.pls
2015-01-02 14:57 - 2009-07-14 18:58 - 00717634 _____ () C:\Windows\system32\perfh007.dat
2015-01-02 14:57 - 2009-07-14 18:58 - 00155194 _____ () C:\Windows\system32\perfc007.dat
2015-01-02 14:57 - 2009-07-14 06:13 - 01657428 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 13:53 - 2013-06-09 08:07 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-01-02 13:53 - 2013-06-09 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-02 13:53 - 2013-06-09 08:07 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-01-02 02:10 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-01 22:27 - 2013-05-02 14:10 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 22:27 - 2013-05-02 14:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-31 12:14 - 2013-04-29 23:06 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 00:27 - 2013-04-29 22:52 - 00000000 ____D () C:\Users\vladimir\AppData\Local\VirtualStore
2014-12-26 11:24 - 2014-02-22 07:08 - 00001973 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-12-26 04:24 - 2013-05-02 15:25 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-24 23:12 - 2014-09-20 17:02 - 00001208 _____ () C:\Users\vladimir\Desktop\Amazon Music.lnk
2014-12-23 23:13 - 2014-07-06 16:01 - 00000000 ____D () C:\Temp
2014-12-23 23:13 - 2013-04-29 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-17 09:02 - 2013-11-03 01:10 - 00000425 _____ () C:\Users\vladimir\AppData\Local\UserProducts.xml
2014-12-16 21:06 - 2013-04-29 23:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-16 21:05 - 2014-10-13 08:26 - 00000000 ____D () C:\Users\vladimir\AppData\Local\NVIDIA Corporation
2014-12-16 21:01 - 2013-04-29 23:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-16 21:01 - 2013-04-29 23:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-13 11:08 - 2014-11-10 21:31 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 11:08 - 2014-11-05 19:53 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-13 11:08 - 2013-08-21 21:17 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 09:03 - 2013-04-29 23:29 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 09:03 - 2013-04-29 23:29 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 09:03 - 2013-04-29 23:29 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 09:03 - 2013-04-29 23:29 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 09:03 - 2013-04-29 23:29 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 09:03 - 2013-04-29 23:29 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-13 03:28 - 2013-06-09 08:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-13 00:11 - 2013-04-29 23:29 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-11 04:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 03:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:11 - 2013-08-16 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:03 - 2013-04-30 05:49 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 17:42 - 2013-11-03 01:10 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-12-10 11:20 - 2014-05-14 10:27 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 11:20 - 2014-05-14 10:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 11:20 - 2014-05-14 10:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\vladimir\AppData\Local\Temp\dllnt_dump.dll
C:\Users\vladimir\AppData\Local\Temp\InstHelper.exe
C:\Users\vladimir\AppData\Local\Temp\Quarantine.exe
C:\Users\vladimir\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 12:07

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by vladimir at 2015-01-09 18:43:23
Running from C:\Users\vladimir\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft 3D Converter 5.1.15 (HKLM-x32\...\{8C9467CB-02EF-4948-B1F3-725EEFA6D571}_is1) (Version:  - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.844.1586 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Ashampoo MP3 Cover Finder v.1.0.7 (HKLM-x32\...\{5A842CF6-7E61-52D7-C64C-2F20E9D408F1}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{BED35097-6053-4E51-B9EC-A779CCCDEE72}) (Version: 2.15.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 - CometNetwork)
Dropbox (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{75F06437-40F4-4A65-BC65-FC194D6B7EBA}) (Version: 8.0.304.4 - ESET, spol s r. o.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IsoBuster 2.2 (HKLM-x32\...\IsoBuster_is1) (Version: 2.2 - Smart Projects)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\MyFreeCodec) (Version:  - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MySQL Server 5.6 (HKLM\...\{56DA0CB5-ABD2-4318-BEAB-62FDBC9B12CC}) (Version: 5.6.10 - Oracle Corporation)
Nero 8 (HKLM-x32\...\{3C5F1B30-B10B-4579-86DD-D00F662E1031}) (Version: 8.3.171 - Nero AG)
Nero Mega Plugin Pack (HKLM-x32\...\{EF901A4B-A25A-4962-83C6-C6691D062ED9}) (Version: 2.0 - MaCiO)
NetTV+ Player 4 (HKLM-x32\...\NetTV+ Player 4) (Version: 00.04.05.04 - NETTVPLUS)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
Philips Media Convertor v1.2   (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.45 -  )
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
Readon TV Movie Radio Player 7.5.0.0 (HKLM-x32\...\{03840E8D-A75E-4C49-ADFC-09A867C7F943}) (Version: 7.5.0 - Readon Technology)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SiSoftware Sandra Lite 2013.SP6 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.66.2013.10 - SiSoftware)
SIW version 2010.03.10 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.03.10 - Topala Software Solutions)
Skype™ 6.18 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0 S-Edition (HKLM-x32\...\{612E9353-8B8D-4AB0-861E-FAEBE9DC0C73}) (Version: 9.0 - Star Finanz GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tag&Rename 3.5 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.5 - Softpointer Inc)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.75 - VSO Software)
Web Companion (HKLM-x32\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XBMC (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\XBMC) (Version:  - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-01-2015 06:01:20 Removed Google Earth Plug-in.
07-01-2015 23:04:28 Windows Update
08-01-2015 17:03:30 Prüfpunkt von HitmanPro
08-01-2015 17:04:30 Prüfpunkt von HitmanPro
08-01-2015 18:54:59 Removed Adobe Acrobat 9 Pro Extended 64-bit Add-On.
09-01-2015 00:01:12 Windows Automated Installation Kit wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00B1F9A7-BDF4-419D-8598-751166276420} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001UA => C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0422EE4B-4234-42A4-BCBA-6DD0097C98E8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {1AF7B609-D127-46A7-870A-53F718E36864} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {2A3BFE24-CB74-4F4D-B3DF-3F40DB545CC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {3E855990-8677-45F6-84B6-0491CB4BC86D} - System32\Tasks\{16E21AAC-4AF4-4D32-ABC1-95D6DC75B576} => pcalua.exe -a C:\Users\vladimir\Downloads\FLVPlayerSetup.exe -d C:\Users\vladimir\Downloads
Task: {44E78B6C-129F-44DA-9C96-FA371A5718A1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4DC6540B-4B7E-4E1D-9A38-934AB14FA9F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6F6EE5BF-412D-41AA-A0D7-CACB4BAA0AE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {9C29DB38-31DC-4540-B3A5-004CE4E0C51B} - System32\Tasks\{EC862365-9A58-4D59-9ED0-D6F62FA30F8F} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {BFF5B8F5-88DD-4B53-826B-7CDA92D808ED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001Core => C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D1B659E7-EB5E-448B-8375-AE4F8264EDE6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {E9F423D4-81EB-4549-A58B-743BFD792404} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {F8E6352B-7120-43FA-B4C0-DC912430D11E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FF38BDF2-E8DE-48DB-A77B-38F35F16EF9D} - System32\Tasks\{64486A69-B48B-4A18-9470-5F44D1F26655} => pcalua.exe -a C:\Users\vladimir\Downloads\CometBird_11.0_de_setup.exe -d C:\Users\vladimir\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001Core.job => C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001UA.job => C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-29 23:29 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-20 20:39 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2013-02-01 15:09 - 2013-02-01 15:09 - 12907520 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2014-12-18 15:21 - 2014-12-18 15:21 - 02757456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2013-05-18 21:20 - 2006-12-11 01:14 - 00043008 _____ () D:\Tools\Packer - Programme\Win Rar\rarext64.dll
2013-05-02 10:47 - 2008-05-17 02:12 - 00048896 _____ () D:\Audio - Programme\TagRename\TRshell64.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-09 18:30 - 2015-01-09 18:30 - 00050477 _____ () C:\Users\vladimir\Desktop\Defogger.exe
2014-08-17 19:10 - 2011-01-13 09:44 - 00232800 _____ () D:\StarMoney\ouservice\PATCHW32.dll
2013-08-14 13:20 - 2012-04-01 07:03 - 01949184 _____ () C:\Program Files (x86)\CometBird\mozjs.dll
2014-12-10 11:20 - 2014-12-10 11:20 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear SA4VBE Device Manager.lnk => C:\Windows\pss\Philips GoGear SA4VBE Device Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk.Startup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\vladimir\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\vladimir\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B17DF3A66221A0B75A6BB6688AEBF93C => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Kies3PDLR.exe => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe Run Kies3
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MouseDriver => TiltWheelMouse.exe
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Philips Device Listener => "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
MSCONFIG\startupreg: PixelPlanet PdfPrinter-Monitor => "C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 7\PdfPrinterMonitor.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\vladimir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

========================= Accounts: ==========================

Administrator (S-1-5-21-3746786549-4074655040-3157731495-500 - Administrator - Disabled)
Familie Jost (S-1-5-21-3746786549-4074655040-3157731495-1004 - Administrator - Enabled) => C:\Users\Familie Jost
Gast (S-1-5-21-3746786549-4074655040-3157731495-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3746786549-4074655040-3157731495-1002 - Limited - Enabled)
vladimir (S-1-5-21-3746786549-4074655040-3157731495-1001 - Administrator - Enabled) => C:\Users\vladimir

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 04:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 04:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 02:38:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 02:37:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/09/2015 02:37:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/09/2015 02:35:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/09/2015 02:35:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/09/2015 02:35:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 06:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartCD.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x75164f11
ID des fehlerhaften Prozesses: 0x1f1c
Startzeit der fehlerhaften Anwendung: 0xStartCD.exe0
Pfad der fehlerhaften Anwendung: StartCD.exe1
Pfad des fehlerhaften Moduls: StartCD.exe2
Berichtskennung: StartCD.exe3

Error: (01/08/2015 11:51:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/09/2015 01:36:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:36:09 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:36:06 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:36:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:36:00 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:35:58 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:35:55 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:35:52 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:35:49 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 07:18:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/09/2015 04:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/09/2015 04:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/09/2015 02:38:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/09/2015 02:37:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1

Error: (01/09/2015 02:37:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/09/2015 02:35:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe

Error: (01/09/2015 02:35:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe

Error: (01/09/2015 02:35:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (01/09/2015 06:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: StartCD.exe0.0.0.000000000unknown0.0.0.000000000c000041d75164f111f1c01d02b96d6e00f32E:\StartCD.exeunknownf202f3f1-97bc-11e4-a45d-001d7d087eb6

Error: (01/08/2015 11:51:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\vladimir\Downloads\esetsmartinstaller_deu(1).exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 77%
Total physical RAM: 4094.49 MB
Available physical RAM: 900.99 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5077.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:181.56 GB) NTFS
Drive d: (Programme) (Fixed) (Total:443.23 GB) (Free:191.35 GB) NTFS
Drive f: (Backup (1000 GB)) (Fixed) (Total:928.46 GB) (Free:392.08 GB) NTFS
Drive k: (Extern 1 - Musik (2000GB)) (Fixed) (Total:1863.02 GB) (Free:696.71 GB) NTFS
Drive l: (Extern 2 - Musik & Film (1500GB)) (Fixed) (Total:1397.26 GB) (Free:188.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 74058E64)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16DA9775)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 00144DCA)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002DE0F)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Further steps will follow on your instructions.

PS: Farbar Recovery Scan Tool is still open, with the "Fix" option, which I have not used yet. Defogger is also still open.

Thanks
Olli

09.01.2015, 19:33   #2
M-K-D-B
/// TB instructor
 
My name is Matthias and I will help you clean up your computer.

Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Downloading from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!

Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!

Do you still have log files from MBAM, AdwCleaner and JRT? If so, please post them!

You have ESET AND Ad-Aware Antivirus installed. Please uninstall one of them!

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.



09.01.2015, 23:49   #3
Smithwicks
 
How should I handle the two tools that are still open, "Defogger" and "Farbar Recovery Scan"? Also, uninstalling the 2nd AV program requires a restart. At the latest at that point I would close the open tools. I have not found any further logs. Combo is ready to go on the desktop.

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.07.2014
Suchlauf-Zeit: 17:14:33
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.06.06
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: vladimir

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 322593
Verstrichene Zeit: 16 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 2
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\updateYawtix.exe, 2680, Löschen bei Neustart, [0846811b0378fc3a3d0a7918d62bb24e]
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\~nsu.tmp\Au_.exe, 3812, Löschen bei Neustart, [6ce2f9a31d5eb77f77ebe8a0ed1437c9]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 16
PUP.Optional.Yawtix.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Yawtix, In Quarantäne, [0846811b0378fc3a3d0a7918d62bb24e], 
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [f559bddf93e848ee0c7bbcd6659c629e], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [6fdf76263744e74f84b47016ce347888], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [6fdf76263744e74f84b47016ce347888], 
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{f9c8ce1b-66a0-4f45-af10-5f24ef19bc4e}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7], 
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A3DF879E-2EB5-4891-B941-503826264D8C}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7], 
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE3B64BC-D655-4A40-8F62-91FF0E8860E2}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7], 
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FE3B64BC-D655-4A40-8F62-91FF0E8860E2}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7], 
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A3DF879E-2EB5-4891-B941-503826264D8C}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7], 
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F9C8CE1B-66A0-4F45-AF10-5F24EF19BC4E}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3746786549-4074655040-3157731495-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [2925b9e38cef59dd09cafa52b84ad729], 
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Yawtix, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\Yawtix, In Quarantäne, [5fef0597a2d9290d02b2298d877b718f], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [c787c2da8af1bb7b3105c9ecdb27de22], 
PUP.Optional.Yawtix.A, HKU\S-1-5-21-3746786549-4074655040-3157731495-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Yawtix, In Quarantäne, [e8666b3135461026a70e5363b84a51af], 

Registrierungswerte: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll acaptuser64.dll, In Quarantäne, [9eb0f8a46b108ea86e6017f7ad571ae6]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll, In Quarantäne, [5cf2792358230432785669a5838136ca]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [c787c2da8af1bb7b3105c9ecdb27de22]

Registrierungsdaten: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll acaptuser64.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll),Ersetzt,[f45a7b2103782d097a0d6929ac55e020]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll),Ersetzt,[e46a75270774d1653e490e842cd5f20e]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3746786549-4074655040-3157731495-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=),Ersetzt,[bb93376589f279bd827aa5e4bd47946c]

Ordner: 29
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix, Löschen bei Neustart, [321c4656bebdd4628c27bff7fb077b85], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.OpenCandy, C:\Users\vladimir\AppData\Roaming\OpenCandy, In Quarantäne, [2f1f4d4f1b6040f695a4d6c306fc9f61], 
PUP.Optional.OpenCandy, C:\Users\vladimir\AppData\Roaming\OpenCandy\A6700865A248403097E53675859122FE, In Quarantäne, [2f1f4d4f1b6040f695a4d6c306fc9f61], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect, Löschen bei Neustart, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect, Löschen bei Neustart, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\UI, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.Extutil.A, C:\Users\vladimir\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, In Quarantäne, [aea05a42314af4420f783978cb37df21], 
PUP.Optional.Managera.A, C:\Users\vladimir\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, In Quarantäne, [1e30277553281e185830d5dc0bf7ec14], 

Dateien: 117
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, Löschen bei Neustart, [a1adb6e64536b2845d2a6b2745bce719], 
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\updateYawtix.exe, Löschen bei Neustart, [0846811b0378fc3a3d0a7918d62bb24e], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Löschen bei Neustart, [f559bddf93e848ee0c7bbcd6659c629e], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Löschen bei Neustart, [95b9118bf586c3730285a3ef05fc4eb2], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Löschen bei Neustart, [103e13892556072ff295eba7ca37ef11], 
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\~nsu.tmp\Au_.exe, Löschen bei Neustart, [6ce2f9a31d5eb77f77ebe8a0ed1437c9], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, In Quarantäne, [f45a7b2103782d097a0d6929ac55e020], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, In Quarantäne, [e46a75270774d1653e490e842cd5f20e], 
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\YawtixBHO.dll, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7], 
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nsx191C.exe, In Quarantäne, [0747613bbbc07bbba6bcf7918a7747b9], 
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nscAEDF.exe, In Quarantäne, [8dc17626d5a63bfb74ee533521e010f0], 
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nsd145B.exe, In Quarantäne, [9cb29dff601bd75f243e295fa160ee12], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\Temp\nsh4F02.tmp, In Quarantäne, [ba9426767cff2a0c17705141e120aa56], 
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nsnAA8B.exe, In Quarantäne, [044aa7f56a11b680115100888f727090], 
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nsnB2C7.exe, In Quarantäne, [6de127756b107cbabba7c6c2e71aca36], 
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nss1D90.exe, In Quarantäne, [3f0fccd08deead899ac8068212ef46ba], 
PUP.Optional.Downloader, C:\Users\vladimir\Downloads\Setup.exe, In Quarantäne, [65e98a12d9a226102e5c1f6ae0245ea2], 
PUP.Optional.YourFileDownloader, C:\Users\vladimir\Downloads\chicago-bulls_downloader.exe, In Quarantäne, [ada1dcc089f2280e081ace50fb0527d9], 
PUP.Optional.Yawtix.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\2mkc92m4.Freezers-Hockey\extensions\{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi, In Quarantäne, [d17db6e6f78476c0d7ce12a10bf7e31d], 
PUP.Optional.Yawtix.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\lz9ywgr4.test\extensions\{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi, In Quarantäne, [fb5388146e0dbd79594cc9ea6a986898], 
PUP.Optional.Yawtix.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\xo1ykkqx.KoC-Gast\extensions\{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi, In Quarantäne, [59f52a729fdc4aec00a51c9707fbac54], 
PUP.Optional.Yawtix.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\zaf37rbp.Normales surfen\extensions\{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi, In Quarantäne, [a3abd7c5116ae0561b8aad06f50d2bd5], 
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\Yawtix.ico, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85], 
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\0, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85], 
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\7za.exe, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85], 
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\updateYawtix.InstallState, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85], 
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\YawtixUninstall.exe, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85], 
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\2mkc92m4.Freezers-Hockey\searchplugins\trovi-search.xml, In Quarantäne, [0549bddfdf9c92a49d1d318f56ac1ee2], 
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\lz9ywgr4.test\searchplugins\trovi-search.xml, In Quarantäne, [d17dfca0bdbe82b4625818a80002ca36], 
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\zaf37rbp.Normales surfen\searchplugins\trovi-search.xml, In Quarantäne, [331b8b117506a492ac0edee2659db34d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a], 
PUP.Optional.OpenCandy, C:\Users\vladimir\AppData\Roaming\OpenCandy\A6700865A248403097E53675859122FE\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe, In Quarantäne, [2f1f4d4f1b6040f695a4d6c306fc9f61], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a], 
PUP.Optional.Extutil.A, C:\Users\vladimir\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, In Quarantäne, [aea05a42314af4420f783978cb37df21], 
PUP.Optional.Extutil.A, C:\Users\vladimir\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, In Quarantäne, [aea05a42314af4420f783978cb37df21], 
PUP.Optional.Extutil.A, C:\Users\vladimir\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, In Quarantäne, [aea05a42314af4420f783978cb37df21], 
PUP.Optional.Managera.A, C:\Users\vladimir\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, In Quarantäne, [1e30277553281e185830d5dc0bf7ec14], 
PUP.Optional.Managera.A, C:\Users\vladimir\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, In Quarantäne, [1e30277553281e185830d5dc0bf7ec14], 
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=" ],), Ersetzt,[d47a39630d6e5dd95ba2833f2dd747b9]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=",), Ersetzt,[84ca8f0db8c3b68037c7ebd701034ab6]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\2mkc92m4.Freezers-Hockey\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=");), Ersetzt,[60ee2f6d453602345c9e5171aa5a6c94]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\2mkc92m4.Freezers-Hockey\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E");), Ersetzt,[54fa3d5f5427f54110ebfac8ad57867a]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\lz9ywgr4.test\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=");), Ersetzt,[ef5f217b6c0f9f97b5452c960004a45c]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\lz9ywgr4.test\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E");), Ersetzt,[55f9f9a3ea91e056c2396a58768ecb35]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\zaf37rbp.Normales surfen\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=");), Ersetzt,[d17dd4c8a6d54de99d5d81415ea69a66]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\zaf37rbp.Normales surfen\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E");), Ersetzt,[aea00597582339fd3fbcbb07c34140c0]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
ESET Online Scan:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c2209fd709ec4a4d97afe3b23afcc3a3
# engine=21833
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-06 02:58:07
# local_time=2015-01-06 03:58:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9323056 148883135 0 0
# scanned=1109693
# found=50
# cleaned=50
# scan_time=28758
sh=0D8668CF0AC7D53CC5D1CBDB97405E0FC0FE42EC ft=1 fh=9827c864fb8b5371 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\4Videosoft Studio\f88a9246-a7a8-4fda-91b9-2086fae4a60b.dll"
sh=4A56F8FC54F18AAD96FCFD0AD972612D7B54A924 ft=1 fh=64584fffcd3c0785 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Enigma Software Group\SpyHunter\spyhunter.4.3.32-patch.exe"
sh=1087416D30709C840DDF8C26B9B7E93A4F9A424A ft=1 fh=263cb55aa8367f0b vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SIW\siw.exe"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\42cr2389.Dani 434\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\g4xjmmxw.Dani_380\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=47BD9CDB767DA544BA171051BB73892FE2DB863F ft=1 fh=538dead66d099a83 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\BestVideoDownloaderSetup-TurboUpgrade.exe"
sh=48245FC9CFC465D189A01D5B484DCCA90EF2E627 ft=1 fh=de809c6439ab0a84 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\FreeVideoConverterSetup.exe"
sh=A966BECF5434882FDB88FA06282641190C879C59 ft=1 fh=04b73292b1313cd3 vn="Variante von Win32/InstallCore.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\fvdsuite_installer.exe"
sh=D0CABAD570CAC11CBB32F46F316546BAAC72759E ft=1 fh=5d292ef713413fd0 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\GoogleChromeExtensionUpdate_m3.exe"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\MyPhoneExplorer_Setup_1.8.5.exe"
sh=3094664D1394F9FB6ACC4749637602F05C91E58D ft=1 fh=cc8b4d4c983f3ca7 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\rcsetup142.exe"
sh=E869B1A048B436BF8BDFEB87B8EF405D384316E4 ft=1 fh=4e02d0934a11c13f vn="Win32/RegistryBooster evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\registrybooster.exe"
sh=BE6DF413F8E7D87A7B5DAD15FDDED148EDAB56D0 ft=1 fh=8326362d6880baa8 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\Setup74_FreeFlvConverter.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\Unlocker1.9.1.exe"
sh=F761F86A7DE48EDABC57FCBCF500972CCEC3C48E ft=1 fh=f05a3bf8bb8d516b vn="Win32/InstallCore.BN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\ZipExtractorSetup.exe"
sh=792F41E8858D51522C5B5E992B5DDFFA44105365 ft=1 fh=1a4265f23e541de8 vn="NSIS/TrojanDownloader.Adload.AA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Downloads\FLVPlayer-Chrome.exe"
sh=5F7557FFE04DA0EB3E76A43659D26EF929DFCC7D ft=1 fh=ab7114e96761e2d9 vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Downloads\FreeWebMVideoConverter.exe"
sh=5CA96A0C243390C378DEE1A629684EA261E2CFC4 ft=1 fh=a717dcd23690f0a7 vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Downloads\SetupImgBurn_2.5.8.0.exe"
sh=444ACE7F01A9F49099781EDD53DCA8371792FE5A ft=1 fh=5cde73de24e6a811 vn="Variante von Win32/Keygen.AG potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Audio - Programme\Winamp\(ES) DFX 8\install\Windows Media Player\keygen\Key.exe"
sh=E66527D85670538085DAE0F8268C9E5645056E72 ft=1 fh=706f18e18602624f vn="Variante von Win32/HackTool.Patcher.M potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\DVD Programme\MPack Pro\Da_Ordxpack.exe"
sh=A5B573D5DDEEA1126F249AFBBA6952CAC6A6F850 ft=1 fh=4e391c6c3160de37 vn="Win32/ServU-Daemon potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Serv-U\ServUDaemon.exe"
sh=4C3F2BF29E630206875862BF0F5BA1B7BCFDA82F ft=1 fh=ec4b64b5f23bcdb8 vn="Variante von Win32/ServU-Daemon.AA potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Serv-U\ServUTray.exe"
sh=A5B573D5DDEEA1126F249AFBBA6952CAC6A6F850 ft=1 fh=4e391c6c3160de37 vn="Win32/ServU-Daemon potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Tools\Serv-U\ServUDaemon.exe"
sh=6DF695F364CF5FCDB9C4626D6CD9E9526AA87315 ft=1 fh=80891607c44a62cf vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Backup Holger Stoll =-\System-Benutzer-User\Desktop\FreeYouTubeToMp3Converter_3.9.32.exe"
sh=80B8FE30BD8F15B63904E68C17C98155B59F906D ft=1 fh=0047b5debc58dc39 vn="Variante von Win32/HackTool.Patcher.AK potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Navigation =-\9.) Seekarten\MAPTECH CHART NAVIGATOR PRO v1.1.61\Crack\Crack.exe"
sh=80B8FE30BD8F15B63904E68C17C98155B59F906D ft=1 fh=0047b5debc58dc39 vn="Variante von Win32/HackTool.Patcher.AK potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Navigation =-\Navi\MapTech\Maptech CNP 1.1\MAPTECH CHART NAVIGATOR PRO v1.1.61\Crack\Crack.exe"
sh=80B8FE30BD8F15B63904E68C17C98155B59F906D ft=1 fh=0047b5debc58dc39 vn="Variante von Win32/HackTool.Patcher.AK potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Navigation =-\Navi\Maptech_CNP_1.1.61\MAPTECH CHART NAVIGATOR PRO v1.1.61\Crack\Crack.exe"
sh=9DEF9E2A2B1C74C704A82B5413D7CEA69C57EF4F ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Software =-\ADOBE\PHOTOSHOP CS4 Ex\Crack\disable_activation.cmd"
sh=5E6A03871B397414C36AF1E1359FE014C7761B74 ft=1 fh=ee8c5e224a6823f5 vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Software =-\nero\NeroBootDisc\ISSETU~0\{BF80A~0\TOOLBAR.EXE"
sh=604CA435CEE366D37545A567237F7C5DBF394274 ft=1 fh=208c1d4f591f86a1 vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Ablage\cpuz_151_setup.exe"
sh=96EC91C7D21CC56C29A23A2D2D252CDD33545491 ft=1 fh=da2ab002893d059c vn="Variante von Win32/Keygen.CY potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Ablage\aaa-Programme für Neuinstallation\Nero\Ahead.Nero.Digital.Pro.v3.1.0.14a.Incl.Keygen-ORiON\Keygen.exe"
sh=F478383D986D3153AC439B95F3DB9371207F4377 ft=1 fh=cbebd7942d3eaaa1 vn="Variante von Win32/HackTool.Patcher.BM potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Audio Tools\dBPower\DB Power amp\crack.exe"
sh=A2E8C51C4345BA061242E47E3E3333F6F304A3E6 ft=1 fh=4aa9a8a6ae73b203 vn="Variante von Win32/Keygen.AG potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Audio Tools\MediaMonkey.Gold.v3.0.3.1183.Multilingual.Incl.Keymaker-CORE\keygen.exe"
sh=444ACE7F01A9F49099781EDD53DCA8371792FE5A ft=1 fh=5cde73de24e6a811 vn="Variante von Win32/Keygen.AG potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Audio Tools\MP3 Splitter & Joiner\Winamp\(ES) DFX 8\install\Windows Media Player\keygen\Key.exe"
sh=ED02463AF022163002623B3F95BE83F47853274A ft=1 fh=66926e8d5c5885c1 vn="Win32/Adware.WildTangent Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Audio Tools\Winamp\WinAmp Plug-Ins\A_Knights_Tale_Visualization.exe"
sh=1E96517A1E5B31A5F03A2EC27F8916035C70C054 ft=1 fh=0a066ab553cde119 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Alcohol.120.v1.9.2.1705\Alcohol120_trial_1.9.7.6221.exe"
sh=E4B1FE456AB878B48E677A9E190928BDA1A27D4A ft=1 fh=253d93edf396518c vn="Variante von Win32/HackTool.Loader.B potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Alcohol.120.v1.9.2.1705\Alcohol120\KeyMaker.exe"
sh=D32B92ABCEC651ABE6B27997A67674DC994609E4 ft=1 fh=04eb9f1f842db58d vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Nero-8.3.6.0_deu_update.exe"
sh=CE4FA6F89A158AE6D5EE67EC5DE1998E49C91223 ft=1 fh=a094c59bf7ca9b4f vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Nero 7\Nero 7850\Nero-7.8.5.0_deu.exe"
sh=EEA83DB49F52CDCC3BDB69A3E3FDF2FD91419233 ft=1 fh=f78ee07fd38aa416 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Nero.8.3.2.1 Ultra Edition Deutsch ohne Patent Activation inkl. New Keygen\Nero 8.3.2.1.exe"
sh=A86CAD71BE419BE6DCE4ACC988799CB5CC4FED4E ft=1 fh=f1121aa5bc1a1350 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Nero.8.3.2.1 Ultra Edition Deutsch ohne Patent Activation inkl. New Keygen\Nero-8.3.2.1b_deu_update.exe"
sh=96EC91C7D21CC56C29A23A2D2D252CDD33545491 ft=1 fh=da2ab002893d059c vn="Variante von Win32/Keygen.CY potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Plugins\Ahead.Nero.Digital.Pro.v3.1.0.14a.Incl.Keygen-ORiON\Keygen.exe"
sh=A75A0A7AAA7E4C44BB18D822485AD75B5D1DFF69 ft=1 fh=8c8e97dc8939dc40 vn="Variante von Win32/HackTool.Patcher.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\DVD Programme\Cyberlink.PowerDVD.v8.Beta.1422-ENGiNE\ENGiNE\PowerDVD 8 beta_Crk.exe"
sh=6B45359FE88026CEACDB0DDCD98C70C504A8B92F ft=1 fh=91223acf566744e4 vn="Variante von Win32/Tool.TPE.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\DVD Programme\TMPGEnc\TMPGEnc DVD Author 1.6\Patch.exe"
sh=6B45359FE88026CEACDB0DDCD98C70C504A8B92F ft=1 fh=91223acf566744e4 vn="Variante von Win32/Tool.TPE.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\DVD Programme\TMPGEnc\TMPGEnc DVD Author 1.6 (1.6.0026)\Patch.exe"
sh=D97D7EE5B61EC9867553E2B05763CA913E2743AA ft=1 fh=5775ef809417d0a2 vn="Win32/ServU-Daemon potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Internet Tools\Serv-U.FTP.Server.v6.0.0.2.Corporate.Edition.WinALL.CRACKED-MiNT\ServUSetup.exe"
sh=5DB6099B607E987CD0BDF2744AD710407EAE70E8 ft=1 fh=936c2bf1344bfc6a vn="Variante von Generik.JKRAEFR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\System-Tools\Datenrettung\GetDataBack\GetDataBack NTFS\Keygen.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c2209fd709ec4a4d97afe3b23afcc3a3
# engine=21872
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-08 09:01:45
# local_time=2015-01-08 10:01:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9517674 149077753 0 0
# scanned=190448
# found=0
# cleaned=0
# scan_time=4864
         
Code:
ComboFix 15-01-08.01 - vladimir 09.01.2015  23:00:20.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4094.1878 [GMT 1:00]
ausgeführt von:: c:\users\vladimir\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal Firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\adaware-installer-reboot-required.tmp
c:\users\vladimir\AppData\Roaming\vladimirlog.dat
c:\windows\SysWow64\SET871A.tmp
c:\windows\SysWow64\SETA182.tmp
c:\windows\SysWow64\SETC4B2.tmp
L:\autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-09 bis 2015-01-09  ))))))))))))))))))))))))))))))
.
.
2015-01-09 22:13 . 2015-01-09 22:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-09 17:34 . 2015-01-09 17:45	--------	d-----w-	C:\FRST
2015-01-09 05:06 . 2015-01-09 05:06	--------	d-----w-	c:\users\vladimir\AppData\Local\CrashDumps
2015-01-08 23:04 . 2015-01-08 23:04	--------	d-----w-	c:\program files\Windows Imaging
2015-01-08 23:04 . 2015-01-08 23:04	--------	d-----w-	c:\program files\Windows AIK
2015-01-08 22:01 . 2015-01-08 22:01	--------	d-----w-	c:\users\vladimir\AppData\Local\TeamViewer
2015-01-08 22:00 . 2015-01-08 22:00	--------	d-----w-	c:\users\vladimir\AppData\Local\ESET
2015-01-08 21:57 . 2015-01-08 21:57	--------	d-----w-	c:\program files\ESET
2015-01-08 21:45 . 2015-01-09 05:51	--------	d-----w-	c:\windows\system32\log
2015-01-08 18:14 . 2015-01-08 18:44	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-08 18:02 . 2015-01-08 18:03	--------	d-----w-	c:\users\Familie Jost
2015-01-08 15:50 . 2015-01-08 16:07	43664	----a-w-	c:\windows\system32\drivers\hitmanpro37.sys
2015-01-08 15:49 . 2015-01-08 16:04	--------	d-----w-	c:\programdata\HitmanPro
2015-01-07 16:24 . 2015-01-08 04:46	37624	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2015-01-07 16:24 . 2015-01-07 16:24	--------	d-----w-	c:\programdata\RogueKiller
2015-01-07 05:43 . 2015-01-09 05:55	--------	d-----w-	c:\users\vladimir\AppData\Local\Google
2015-01-06 21:44 . 2015-01-06 21:52	--------	d-----w-	c:\program files (x86)\SRWare Iron
2015-01-06 19:39 . 2015-01-09 05:55	--------	d-----w-	c:\program files (x86)\Google
2015-01-06 00:24 . 2015-01-06 00:24	--------	d-----w-	c:\program files (x86)\ESET
2015-01-05 23:56 . 2015-01-05 23:56	--------	d-----w-	c:\users\vladimir\AppData\Roaming\DropboxMaster
2015-01-05 22:25 . 2015-01-05 22:25	--------	d-----w-	c:\windows\ERUNT
2015-01-05 22:15 . 2015-01-05 22:15	--------	d-sh--w-	c:\users\vladimir\AppData\Local\EmieBrowserModeList
2015-01-05 22:03 . 2015-01-09 05:51	--------	d-----w-	C:\AdwCleaner
2015-01-05 20:24 . 2015-01-05 20:24	--------	d-----w-	c:\users\vladimir\AppData\Local\Lavasoft
2015-01-05 20:24 . 2014-12-16 11:10	358736	----a-w-	c:\windows\system32\LavasoftTcpService64.dll
2015-01-05 20:24 . 2014-12-16 11:10	312424	----a-w-	c:\windows\SysWow64\LavasoftTcpService.dll
2015-01-05 20:23 . 2015-01-05 20:23	--------	d-----w-	c:\program files (x86)\Lavasoft
2015-01-05 20:21 . 2015-01-09 18:51	--------	d-----w-	c:\users\vladimir\AppData\Roaming\Lavasoft
2015-01-05 20:20 . 2015-01-09 18:51	--------	d-----w-	c:\programdata\Lavasoft
2015-01-05 20:16 . 2015-01-05 20:16	--------	d-----w-	c:\program files (x86)\Enigma Software Group
2015-01-05 20:14 . 2015-01-05 22:15	--------	d-----w-	c:\windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2015-01-05 01:20 . 2015-01-05 01:20	--------	d-----w-	c:\users\vladimir\AppData\Roaming\22543
2015-01-04 20:42 . 2015-01-04 20:42	2351	----a-w-	c:\windows\patsearch.bin
2015-01-04 19:15 . 2015-01-06 20:31	--------	d-----w-	c:\programdata\Elaborate Bytes
2015-01-04 19:15 . 2015-01-06 20:30	--------	d-----w-	c:\program files (x86)\Elaborate Bytes
2015-01-04 19:15 . 2015-01-04 19:15	--------	d-----w-	c:\programdata\SlySoft
2015-01-04 19:15 . 2015-01-06 20:31	--------	d-----w-	c:\program files (x86)\SlySoft
2015-01-04 19:07 . 2015-01-04 19:07	--------	d--h--w-	c:\programdata\vid
2015-01-04 19:07 . 2015-01-04 19:07	--------	d--h--w-	c:\programdata\tks
2015-01-04 19:06 . 2015-01-04 19:19	--------	d-----w-	c:\users\vladimir\AppData\Roaming\log
2015-01-01 20:36 . 2015-01-04 21:59	--------	d-----w-	c:\users\vladimir\AppData\Roaming\.ACEStream
2015-01-01 20:35 . 2015-01-04 21:59	--------	d-----w-	c:\users\vladimir\AppData\Roaming\ACEStream
2014-12-26 11:25 . 2014-12-27 18:37	--------	d-----w-	c:\program files\Recuva
2014-12-26 10:49 . 2014-12-26 10:49	--------	d-----w-	c:\users\vladimir\AppData\Roaming\asoftech
2014-12-26 10:49 . 2014-12-26 10:49	--------	d-----w-	c:\program files (x86)\Asoftech
2014-12-26 10:26 . 1998-06-17 23:00	89360	----a-w-	c:\windows\SysWow64\VB5DB.DLL
2014-12-23 22:12 . 2014-12-13 00:47	620176	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-12-18 00:27 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-18 00:27 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-16 20:01 . 2014-12-13 00:12	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-12-16 20:01 . 2014-12-13 00:12	2210040	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-12-16 20:01 . 2014-12-13 00:12	1291464	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-12-16 20:01 . 2014-12-13 00:12	2824504	----a-w-	c:\windows\system32\nvspcap64.dll
2014-12-16 19:59 . 2014-11-22 10:46	38032	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-12-16 19:59 . 2014-11-22 10:46	32400	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-12-13 16:30 . 2014-12-18 20:31	--------	d-----w-	c:\users\vladimir\AppData\Local\Spotify
2014-12-13 16:29 . 2014-12-18 22:35	--------	d-----w-	c:\users\vladimir\AppData\Roaming\Spotify
2014-12-11 02:02 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-11 02:02 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-11 00:35 . 2014-11-22 02:22	772608	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-09 20:04 . 2014-06-20 20:42	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-06 20:11 . 2013-09-16 15:32	99384	----a-w-	c:\users\vladimir\AppData\Roaming\inst.exe
2015-01-06 20:11 . 2013-09-16 15:32	82816	----a-w-	c:\users\vladimir\AppData\Roaming\pcouffin.sys
2014-12-31 11:14 . 2013-04-29 22:06	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-13 10:08 . 2014-11-10 20:31	2897824	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-12-13 10:08 . 2014-11-05 18:53	16040184	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-12-13 10:08 . 2013-08-21 20:17	14128496	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-12-13 10:08 . 2013-04-29 22:28	74056	----a-w-	c:\windows\system32\OpenCL.dll
2014-12-13 10:08 . 2013-04-29 22:28	60560	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-12-13 10:08 . 2013-04-29 22:28	3293136	----a-w-	c:\windows\system32\nvapi64.dll
2014-12-13 10:08 . 2013-04-29 22:28	18594432	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-12-13 08:03 . 2013-04-29 22:29	6859408	----a-w-	c:\windows\system32\nvcpl.dll
2014-12-13 08:03 . 2013-04-29 22:29	3513488	----a-w-	c:\windows\system32\nvsvc64.dll
2014-12-13 08:03 . 2013-04-29 22:29	935240	----a-w-	c:\windows\system32\nvvsvc.exe
2014-12-13 08:03 . 2013-04-29 22:29	62608	----a-w-	c:\windows\system32\nvshext.dll
2014-12-13 08:03 . 2013-04-29 22:29	386368	----a-w-	c:\windows\system32\nvmctray.dll
2014-12-13 08:03 . 2013-04-29 22:29	2558608	----a-w-	c:\windows\system32\nvsvcr.dll
2014-12-12 23:11 . 2013-04-29 22:29	4151176	----a-w-	c:\windows\system32\nvcoproc.bin
2014-12-11 02:03 . 2013-04-30 04:49	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-12-10 10:20 . 2014-05-14 09:27	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 10:20 . 2014-05-14 09:27	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-24 18:53 . 2013-10-16 05:15	426872	----a-w-	c:\windows\SysWow64\SpoonUninstall.exe
2014-11-22 10:46 . 2014-10-06 22:01	35472	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-11-21 06:08 . 2014-06-20 20:41	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 06:07 . 2014-06-20 20:41	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 06:07 . 2014-02-19 08:07	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-13 00:20 . 2014-11-18 19:13	1540424	----a-w-	c:\windows\system32\nvdispgenco6434475.dll
2014-11-13 00:20 . 2014-11-18 19:13	1876296	----a-w-	c:\windows\system32\nvdispco6434475.dll
2014-11-13 00:20 . 2013-04-29 22:28	3262784	----a-w-	c:\windows\system32\SET5BC6.tmp
2014-11-13 00:20 . 2013-04-29 22:28	20986592	----a-w-	c:\windows\system32\SET8255.tmp
2014-11-11 03:08 . 2014-11-18 22:01	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 22:01	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 22:01	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 22:01	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-04 09:35 . 2013-05-02 14:27	590536	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-11-04 00:04 . 2014-11-10 20:31	1876296	----a-w-	c:\windows\system32\nvdispco6434465.dll
2014-11-04 00:04 . 2014-11-10 20:31	1539272	----a-w-	c:\windows\system32\nvdispgenco6434465.dll
2014-10-30 17:51 . 2014-10-30 17:51	93022	----a-w-	c:\windows\system32\cc_20141030_185104.reg
2014-10-30 04:53 . 2014-11-05 18:53	1876296	----a-w-	c:\windows\system32\nvdispco6434460.dll
2014-10-30 04:53 . 2014-11-05 18:53	1539272	----a-w-	c:\windows\system32\nvdispgenco6434460.dll
2014-10-25 01:57 . 2014-11-11 23:02	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-11 23:02	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-20 08:29 . 2014-10-20 08:30	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05 . 2014-11-11 23:02	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-11 23:02	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-10-16 16:54 . 2014-10-23 13:23	1876296	----a-w-	c:\windows\system32\nvdispco6434448.dll
2014-10-16 16:54 . 2014-10-23 13:23	1539272	----a-w-	c:\windows\system32\nvdispgenco6434448.dll
2014-10-14 02:16 . 2014-11-11 23:03	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-11 23:03	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-11 23:02	3241984	----a-w-	c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-11 23:03	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-11 23:03	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-11 23:03	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-11 23:03	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-11 23:02	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-11 23:03	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-11 23:03	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-11 23:03	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2009-09-27 07:39	415744	--sh--w-	c:\windows\SysWOW64\avisynth.dll
2005-07-14 10:31	32256	--sh--w-	c:\windows\SysWOW64\AVSredirect.dll
2004-02-22 08:11	764416	--sh--w-	c:\windows\SysWOW64\devil.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\i420vfw.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 00:41	1729744	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 00:41	1729744	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 00:41	1729744	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44	131248	----a-w-	c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44	131248	----a-w-	c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44	131248	----a-w-	c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SearchProtectionService;IE Search Set;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [x]
S2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;d:\starmoney\ouservice\StarMoneyOnlineUpdate.exe;d:\starmoney\ouservice\StarMoneyOnlineUpdate.exe [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
S4 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NVSTREAMKMS
*Deregistered* - webinstrNHK
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 10:20]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06 19:39]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06 19:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 08:07	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 08:07	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 08:07	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44	164016	----a-w-	c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44	164016	----a-w-	c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44	164016	----a-w-	c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44	164016	----a-w-	c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
IE: Add to AMV/AVI Video Converter... - c:\program files (x86)\Philips Media Convertor v1.2\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\vladimir\AppData\Local\Temp\ie_script.htm
TCP: DhcpNameServer = 192.168.178.1
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-09  23:17:14
ComboFix-quarantined-files.txt  2015-01-09 22:17
.
Vor Suchlauf: 16 Verzeichnis(se), 330.432.282.624 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 329.576.243.200 Bytes frei
.
- - End Of File - - 0C9E98905FD6550598080BC8E0D543A8
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 10.01.2015, 11:24   #4
M-K-D-B
/// TB-Ausbilder
 



Please run these tools (update them first if they are already on the PC):



Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 2
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan ("Scannen"), select the threat scan ("Bedrohungssuchlauf") and click Start scan ("Suchlauf starten").
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove selected ("Auswahl entfernen").
  • Let your computer restart if required, to complete the cleanup.
  • Start MBAM, click History ("Verlauf") and then Application logs ("Anwendungsprotokolle").
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.







Step 3

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 4
  • Start FRST.exe again. Tick the box next to Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.






Please post in your next reply
  • the AdwCleaner log file,
  • the MBAM log file,
  • the JRT log file,
  • the two new FRST log files.

Alt 10.01.2015, 16:34   #5
Smithwicks
 



Code:
ATTFilter
# AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 14:17:25
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : vladimir - VLADIMIR-PC
# Gestartet von : C:\Users\vladimir\Desktop\AdwCleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [10832 octets] - [05/01/2015 23:03:21]
AdwCleaner[R1].txt - [1011 octets] - [05/01/2015 23:17:57]
AdwCleaner[R2].txt - [1385 octets] - [05/01/2015 23:58:13]
AdwCleaner[R3].txt - [1178 octets] - [06/01/2015 19:29:33]
AdwCleaner[R4].txt - [1834 octets] - [06/01/2015 21:16:10]
AdwCleaner[R5].txt - [1389 octets] - [07/01/2015 22:45:04]
AdwCleaner[R6].txt - [1510 octets] - [08/01/2015 06:46:09]
AdwCleaner[R7].txt - [1685 octets] - [09/01/2015 06:47:16]
AdwCleaner[R8].txt - [1122 octets] - [10/01/2015 14:17:25]
AdwCleaner[S0].txt - [11103 octets] - [05/01/2015 23:05:51]
AdwCleaner[S1].txt - [1446 octets] - [06/01/2015 00:05:32]
AdwCleaner[S2].txt - [1240 octets] - [06/01/2015 19:41:38]
AdwCleaner[S3].txt - [1904 octets] - [06/01/2015 21:20:35]
AdwCleaner[S4].txt - [1450 octets] - [07/01/2015 22:48:13]
AdwCleaner[S5].txt - [1571 octets] - [08/01/2015 06:52:02]
AdwCleaner[S6].txt - [1750 octets] - [09/01/2015 06:51:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [1603 octets] ##########
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.01.2015
Suchlauf-Zeit: 15:39:04
Logdatei: MBAM2.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.10.12
Rootkit Datenbank: v2015.01.07.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: vladimir

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 391744
Verstrichene Zeit: 13 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by vladimir on 10.01.2015 at 16:10:14,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2015 at 16:19:32,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by vladimir (administrator) on VLADIMIR-PC on 10-01-2015 16:25:14
Running from C:\Users\vladimir\Desktop
Loaded Profile: vladimir (Available profiles: vladimir & Familie Jost)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) D:\StarMoney\ouservice\StarMoneyOnlineUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CometNetwork) C:\Program Files (x86)\CometBird\cometbird.exe
(Mozilla Corporation) C:\Program Files (x86)\CometBird\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} =>  No File
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\DVD Programme\Videolan\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\DVD Programme\Videolan\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3746786549-4074655040-3157731495-1001: @tools.google.com/Google Update;version=3 -> C:\Users\vladimir\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3746786549-4074655040-3157731495-1001: @tools.google.com/Google Update;version=9 -> C:\Users\vladimir\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-09]
CHR Extension: (Google Docs) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-09]
CHR Extension: (Google Drive) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-09]
CHR Extension: (YouTube) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-09]
CHR Extension: (Google-Suche) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-09]
CHR Extension: (Google Tabellen) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-09]
CHR Extension: (Google Wallet) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09]
CHR Extension: (Google Mail) - C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [12907520 2013-02-01] () [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware) [File not signed]
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
R2 StarMoney 9.0 OnlineUpdate; D:\StarMoney\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-04-04] (GEAR Software Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-08] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 16:19 - 2015-01-10 16:19 - 00000624 _____ () C:\Users\vladimir\Desktop\JRT.txt
2015-01-10 16:09 - 2015-01-10 16:09 - 00001196 _____ () C:\Users\vladimir\Desktop\MBAM2.txt
2015-01-10 15:05 - 2015-01-10 15:06 - 01707939 _____ (Thisisu) C:\Users\vladimir\Desktop\JRT.exe
2015-01-10 14:22 - 2015-01-10 14:19 - 00001683 _____ () C:\Users\vladimir\Desktop\AdwCleaner[R8].txt
2015-01-10 14:16 - 2015-01-10 14:16 - 02191360 _____ () C:\Users\vladimir\Desktop\AdwCleaner_4.107.exe
2015-01-10 07:49 - 2015-01-10 07:49 - 00000000 ____D () C:\Users\vladimir\Downloads\Complete YouTube Saver
2015-01-09 23:17 - 2015-01-09 23:17 - 00032554 _____ () C:\ComboFix.txt
2015-01-09 22:57 - 2015-01-09 23:17 - 00000000 ____D () C:\Qoobox
2015-01-09 22:57 - 2015-01-09 23:15 - 00000000 ____D () C:\Windows\erdnt
2015-01-09 22:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-09 22:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-09 22:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-09 22:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-09 22:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-09 22:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-09 22:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-09 22:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-09 22:43 - 2015-01-09 22:52 - 1361907590 _____ () C:\Users\vladimir\Desktop\Northmen - A Viking Saga 2014 HDRIP x264 AC3 TiTAN.mkv
2015-01-09 21:54 - 2015-01-09 21:54 - 00029670 _____ () C:\MBAM.txt
2015-01-09 19:46 - 2015-01-09 19:47 - 05609736 ____R (Swearware) C:\Users\vladimir\Desktop\ComboFix.exe
2015-01-09 18:43 - 2015-01-09 18:45 - 00048347 _____ () C:\Users\vladimir\Desktop\Addition.txt
2015-01-09 18:36 - 2015-01-10 16:25 - 00018629 _____ () C:\Users\vladimir\Desktop\FRST.txt
2015-01-09 18:34 - 2015-01-10 16:25 - 00000000 ____D () C:\FRST
2015-01-09 18:33 - 2015-01-09 18:33 - 02124288 _____ (Farbar) C:\Users\vladimir\Desktop\FRST64.exe
2015-01-09 18:32 - 2015-01-09 18:32 - 00000478 _____ () C:\Users\vladimir\Desktop\defogger_disable.log
2015-01-09 18:32 - 2015-01-09 18:32 - 00000000 _____ () C:\Users\vladimir\defogger_reenable
2015-01-09 18:30 - 2015-01-09 18:30 - 00050477 _____ () C:\Users\vladimir\Desktop\Defogger.exe
2015-01-09 07:17 - 2015-01-09 07:17 - 00259584 _____ (OldTimer Tools) C:\Users\vladimir\Desktop\OTH.scr
2015-01-09 07:14 - 2015-01-09 07:15 - 02953520 _____ (AVAST Software) C:\Users\vladimir\Desktop\avast-browser-cleanup_9.0.0.224.exe
2015-01-09 06:55 - 2015-01-09 06:55 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-09 06:55 - 2015-01-09 06:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-09 06:06 - 2015-01-09 06:06 - 00000000 ____D () C:\Users\vladimir\AppData\Local\CrashDumps
2015-01-09 00:05 - 2015-01-09 00:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK
2015-01-09 00:04 - 2015-01-09 00:04 - 00000000 ____D () C:\Program Files\Windows Imaging
2015-01-09 00:04 - 2015-01-09 00:04 - 00000000 ____D () C:\Program Files\Windows AIK
2015-01-08 23:20 - 2015-01-08 23:51 - 1706256384 _____ () C:\Users\vladimir\Desktop\KB3AIK_DE.iso
2015-01-08 23:01 - 2015-01-08 23:01 - 00000000 ____D () C:\Users\vladimir\AppData\Local\TeamViewer
2015-01-08 23:00 - 2015-01-08 23:00 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\ESET
2015-01-08 23:00 - 2015-01-08 23:00 - 00000000 ____D () C:\Users\vladimir\AppData\Local\ESET
2015-01-08 23:00 - 2015-01-08 23:00 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\ESET
2015-01-08 23:00 - 2015-01-08 23:00 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\ESET
2015-01-08 22:57 - 2015-01-08 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-08 22:57 - 2015-01-08 22:57 - 00000000 ____D () C:\ProgramData\ESET
2015-01-08 22:57 - 2015-01-08 22:57 - 00000000 ____D () C:\Program Files\ESET
2015-01-08 22:45 - 2015-01-09 06:51 - 00000000 ____D () C:\Windows\system32\log
2015-01-08 22:06 - 2015-01-08 22:06 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-08 22:06 - 2015-01-08 22:06 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-08 22:04 - 2015-01-08 22:19 - 01660616 _____ (ESET) C:\Users\vladimir\Desktop\eset_smart_security_live_installer_.exe
2015-01-08 19:46 - 2015-01-08 19:50 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\Microsoft Games
2015-01-08 19:14 - 2015-01-08 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 19:12 - 2015-01-08 19:44 - 00000000 ____D () C:\Users\Familie Jost\Desktop\mbar
2015-01-08 19:12 - 2015-01-08 19:12 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Familie Jost\Downloads\mbar-1.08.2.1001.exe
2015-01-08 19:11 - 2015-01-08 19:11 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\Macromedia
2015-01-08 19:11 - 2015-01-08 19:11 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\Macromedia
2015-01-08 19:10 - 2015-01-08 19:10 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\Mozilla
2015-01-08 19:10 - 2015-01-08 19:10 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\CometNetwork
2015-01-08 19:10 - 2015-01-08 19:10 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\CometNetwork
2015-01-08 19:07 - 2015-01-08 19:07 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\Google
2015-01-08 19:06 - 2015-01-08 19:06 - 00880784 _____ (Google Inc.) C:\Users\Familie Jost\Desktop\ChromeSetup.exe
2015-01-08 19:05 - 2015-01-08 19:05 - 00000000 __SHD () C:\Users\Familie Jost\AppData\Local\EmieUserList
2015-01-08 19:05 - 2015-01-08 19:05 - 00000000 __SHD () C:\Users\Familie Jost\AppData\Local\EmieSiteList
2015-01-08 19:05 - 2015-01-08 19:05 - 00000000 __SHD () C:\Users\Familie Jost\AppData\Local\EmieBrowserModeList
2015-01-08 19:05 - 2015-01-08 19:05 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\NVIDIA Corporation
2015-01-08 19:04 - 2015-01-08 22:45 - 00115168 _____ () C:\Users\Familie Jost\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 19:04 - 2015-01-08 19:04 - 00001425 _____ () C:\Users\Familie Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 19:04 - 2015-01-08 19:04 - 00000000 ____D () C:\Users\Familie Jost\AppData\Roaming\Adobe
2015-01-08 19:04 - 2015-01-08 19:04 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\NVIDIA
2015-01-08 19:03 - 2015-01-08 19:03 - 00000000 ____D () C:\Users\Familie Jost\AppData\Local\VirtualStore
2015-01-08 19:02 - 2015-01-08 19:03 - 00000000 ____D () C:\Users\Familie Jost
2015-01-08 19:02 - 2015-01-08 19:02 - 00000020 ___SH () C:\Users\Familie Jost\ntuser.ini
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Vorlagen
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Startmenü
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Netzwerkumgebung
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Lokale Einstellungen
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Eigene Dateien
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Druckumgebung
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Documents\Eigene Musik
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Documents\Eigene Bilder
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\AppData\Local\Verlauf
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\AppData\Local\Anwendungsdaten
2015-01-08 19:02 - 2015-01-08 19:02 - 00000000 _SHDL () C:\Users\Familie Jost\Anwendungsdaten
2015-01-08 19:02 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Familie Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-08 19:02 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Familie Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-08 17:18 - 2015-01-08 18:19 - 00000000 ____D () C:\Users\vladimir\Desktop\Windows
2015-01-08 17:04 - 2015-01-08 17:04 - 00001788 _____ () C:\Windows\system32\.crusader
2015-01-08 16:50 - 2015-01-08 17:07 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-08 16:49 - 2015-01-08 17:04 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-07 17:24 - 2015-01-08 05:46 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-07 17:24 - 2015-01-07 17:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-07 17:23 - 2015-01-07 17:24 - 18423384 _____ () C:\Users\vladimir\Desktop\RogueKillerX64.exe
2015-01-07 17:17 - 2015-01-08 05:44 - 00001808 _____ () C:\sc-cleaner.txt
2015-01-07 17:17 - 2015-01-07 17:17 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vladimir\Desktop\sc-cleaner.exe
2015-01-07 06:48 - 2015-01-07 06:48 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Mozilla
2015-01-07 06:43 - 2015-01-09 06:55 - 00000000 ____D () C:\Users\vladimir\AppData\Local\Google
2015-01-06 22:44 - 2015-01-06 22:52 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron
2015-01-06 22:23 - 2015-01-10 14:24 - 00005644 _____ () C:\Windows\PFRO.log
2015-01-06 21:59 - 2015-01-10 14:25 - 00003937 _____ () C:\Windows\setupact.log
2015-01-06 21:59 - 2015-01-06 21:59 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-06 20:39 - 2015-01-09 06:55 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-06 11:04 - 2015-01-06 10:48 - 00880784 _____ (Google Inc.) C:\Users\vladimir\Desktop\ChromeSetup.exe
2015-01-06 01:24 - 2015-01-06 01:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-06 00:56 - 2015-01-06 00:56 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\DropboxMaster
2015-01-06 00:55 - 2015-01-06 00:56 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-05 23:25 - 2015-01-05 23:25 - 00000000 ____D () C:\Windows\ERUNT
2015-01-05 23:15 - 2015-01-05 23:15 - 00000000 __SHD () C:\Users\vladimir\AppData\Local\EmieBrowserModeList
2015-01-05 23:03 - 2015-01-10 14:22 - 00000000 ____D () C:\AdwCleaner
2015-01-05 21:24 - 2015-01-05 21:24 - 00004648 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-05 21:24 - 2015-01-05 21:24 - 00002480 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-05 21:24 - 2015-01-05 21:24 - 00002480 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-05 21:24 - 2015-01-05 21:24 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\LavasoftStatistics
2015-01-05 21:24 - 2015-01-05 21:24 - 00000000 ____D () C:\Users\vladimir\AppData\Local\Lavasoft
2015-01-05 21:24 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-05 21:24 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-05 21:23 - 2015-01-09 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-05 21:23 - 2015-01-05 21:23 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-05 21:21 - 2015-01-09 19:51 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Lavasoft
2015-01-05 21:20 - 2015-01-09 19:51 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-05 21:16 - 2015-01-05 21:16 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-01-05 21:14 - 2015-01-05 23:15 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2015-01-05 20:59 - 2015-01-05 20:59 - 00000000 _____ () C:\autoexec.bat
2015-01-05 20:56 - 2015-01-05 20:56 - 00000115 _____ () C:\Users\vladimir\Desktop\Chrome 3.url
2015-01-05 20:56 - 2015-01-05 20:56 - 00000109 _____ () C:\Users\vladimir\Desktop\Chrome 4.url
2015-01-05 20:55 - 2015-01-05 20:55 - 00000200 _____ () C:\Users\vladimir\Desktop\Chrome2.url
2015-01-05 20:54 - 2015-01-05 20:55 - 00000137 _____ () C:\Users\vladimir\Desktop\chrome1.url
2015-01-05 14:03 - 2015-01-05 14:03 - 00000000 ____D () C:\Users\vladimir\Desktop\Film2
2015-01-05 11:00 - 2015-01-05 11:00 - 00000000 ____D () C:\Users\vladimir\Desktop\Film1
2015-01-05 02:20 - 2015-01-05 02:20 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\22543
2015-01-04 21:42 - 2015-01-04 21:42 - 00002351 _____ () C:\Windows\patsearch.bin
2015-01-04 21:17 - 2015-01-04 21:17 - 00000000 ____D () C:\Users\vladimir\Documents\Blu-ray Converter Ultimate
2015-01-04 20:18 - 2015-01-04 20:18 - 00000000 ____D () C:\Users\vladimir\Documents\AnyDVDHD
2015-01-04 20:17 - 2015-01-05 02:20 - 00000040 ___SH () C:\ProgramData\.zreglib
2015-01-04 20:15 - 2015-01-06 21:31 - 00000000 ____D () C:\ProgramData\Elaborate Bytes
2015-01-04 20:15 - 2015-01-06 21:31 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2015-01-04 20:15 - 2015-01-06 21:30 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2015-01-04 20:15 - 2015-01-04 20:15 - 00000000 ____D () C:\ProgramData\SlySoft
2015-01-04 20:14 - 2015-01-04 20:14 - 00000000 ____D () C:\Users\vladimir\Documents\DVDFab9
2015-01-04 20:07 - 2015-01-04 20:07 - 00000000 ___HD () C:\ProgramData\vid
2015-01-04 20:07 - 2015-01-04 20:07 - 00000000 ___HD () C:\ProgramData\tks
2015-01-04 20:06 - 2015-01-04 20:19 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\log
2015-01-04 20:06 - 2015-01-04 20:06 - 00000000 ____D () C:\Users\vladimir\Documents\BDCopy
2015-01-01 21:36 - 2015-01-04 22:59 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\.ACEStream
2015-01-01 21:35 - 2015-01-04 22:59 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\ACEStream
2014-12-28 15:53 - 2014-12-28 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-12-26 13:17 - 2014-12-26 13:17 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 12:25 - 2014-12-27 19:37 - 00000000 ____D () C:\Program Files\Recuva
2014-12-26 11:49 - 2014-12-26 11:49 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\asoftech
2014-12-26 11:49 - 2014-12-26 11:49 - 00000000 ____D () C:\Program Files (x86)\Asoftech
2014-12-26 11:26 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-12-23 23:12 - 2014-12-13 01:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-23 23:08 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 23:08 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 23:08 - 2014-12-13 11:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 23:08 - 2014-10-09 18:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-23 23:08 - 2014-10-09 18:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-23 23:08 - 2014-10-09 08:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-18 08:24 - 2015-01-06 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 01:27 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 01:27 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 09:02 - 2014-12-17 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-12-16 21:01 - 2014-12-13 01:12 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-16 21:01 - 2014-12-13 01:12 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-16 21:01 - 2014-12-13 01:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-16 21:01 - 2014-12-13 01:12 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-16 20:59 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-16 20:59 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-13 17:30 - 2014-12-18 21:31 - 00000000 ____D () C:\Users\vladimir\AppData\Local\Spotify
2014-12-13 17:30 - 2014-12-13 17:30 - 00001823 _____ () C:\Users\vladimir\Desktop\Spotify.lnk
2014-12-13 17:29 - 2014-12-18 23:35 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Spotify
2014-12-11 03:02 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:02 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 01:36 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 01:36 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 01:36 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 01:36 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 01:36 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 01:36 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 01:36 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 01:36 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 01:36 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 01:36 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 01:36 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 01:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 01:36 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 01:36 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 01:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 01:36 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 01:36 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 01:36 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 01:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 01:36 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 01:36 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 01:36 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 01:36 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 01:36 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 01:36 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 01:36 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 01:36 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 01:36 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 01:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 01:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 01:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 01:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 01:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 01:36 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 01:36 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 01:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 01:36 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 01:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 01:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 01:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 01:36 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 01:36 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 01:36 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 01:35 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 01:35 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 01:35 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 01:35 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 01:35 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 01:35 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 01:35 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 01:35 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 01:35 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 01:35 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 01:35 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 01:35 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 01:35 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 01:35 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 01:35 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 01:35 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 01:35 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 01:35 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 01:35 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 01:35 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 01:35 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 01:35 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 01:35 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 01:35 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 01:35 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 01:35 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 01:35 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 01:35 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 16:20 - 2014-05-14 10:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 16:00 - 2013-05-03 09:43 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 15:39 - 2014-06-20 21:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 15:03 - 2013-05-03 09:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 15:02 - 2013-04-29 22:45 - 01676967 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 14:32 - 2009-07-14 05:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:32 - 2009-07-14 05:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:25 - 2013-04-29 23:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-10 14:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 00:10 - 2014-10-30 17:14 - 00000996 _____ () C:\Users\vladimir\Desktop\Hamburg Freezers - Verknüpfung.lnk
2015-01-10 00:09 - 2013-05-02 14:47 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\vlc
2015-01-09 23:17 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-09 23:13 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-09 18:32 - 2013-04-29 22:52 - 00000000 ____D () C:\Users\vladimir
2015-01-09 06:55 - 2013-05-03 09:43 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-09 06:55 - 2013-05-03 09:43 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-09 06:34 - 2009-07-14 05:45 - 00442616 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-09 06:30 - 2013-05-02 14:35 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-08 22:43 - 2013-04-29 23:50 - 00115168 _____ () C:\Users\vladimir\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 22:07 - 2013-05-06 10:28 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-08 22:06 - 2013-05-06 10:31 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\TeamViewer
2015-01-08 20:31 - 2014-10-25 23:12 - 00000000 ____D () C:\Users\vladimir\Desktop\Videobearbeitung
2015-01-07 05:55 - 2013-10-05 11:45 - 00000000 ____D () C:\Users\vladimir\AppData\Local\Downloaded Installations
2015-01-06 22:10 - 2014-07-04 04:41 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\DVDVideoSoft
2015-01-06 21:56 - 2013-09-16 16:32 - 00000000 ____D () C:\ProgramData\VSO
2015-01-06 21:30 - 2013-09-16 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-01-06 21:30 - 2013-09-16 16:32 - 00000000 ____D () C:\Program Files (x86)\VSO
2015-01-06 21:11 - 2013-09-16 16:32 - 00099384 _____ () C:\Users\vladimir\AppData\Roaming\inst.exe
2015-01-06 21:11 - 2013-09-16 16:32 - 00082816 _____ (VSO Software) C:\Users\vladimir\AppData\Roaming\pcouffin.sys
2015-01-06 21:11 - 2013-09-16 16:32 - 00007859 _____ () C:\Users\vladimir\AppData\Roaming\pcouffin.cat
2015-01-06 21:11 - 2013-09-16 16:32 - 00000055 _____ () C:\Users\vladimir\AppData\Roaming\pcouffin.log
2015-01-06 21:11 - 2013-09-16 15:33 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Vso
2015-01-06 18:56 - 2013-05-03 09:42 - 00000000 ____D () C:\Program Files (x86)\Googlex
2015-01-06 17:02 - 2013-09-16 15:34 - 00000000 ____D () C:\Users\vladimir\Documents\ConvertXToDVD
2015-01-06 15:48 - 2014-04-10 07:39 - 00000000 ____D () C:\Program Files (x86)\4Videosoft Studio
2015-01-06 15:48 - 2013-04-29 23:51 - 00000000 ____D () C:\Program Files (x86)\SIW
2015-01-06 04:36 - 2013-04-29 23:06 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 01:34 - 2014-06-20 21:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-06 01:34 - 2014-06-20 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-06 01:34 - 2014-06-20 21:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-06 00:54 - 2014-06-21 19:41 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\Dropbox
2015-01-06 00:41 - 2014-06-21 19:45 - 00000000 ___RD () C:\Users\vladimir\Dropbox
2015-01-06 00:38 - 2014-10-26 16:10 - 00000000 ____D () C:\Users\vladimir\Desktop\E-Book Folder
2015-01-05 20:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-05 19:16 - 2013-04-29 23:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-05 15:21 - 2009-07-14 19:18 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-01-05 15:14 - 2014-11-01 22:04 - 00134913 _____ () C:\Users\vladimir\Desktop\Monatsübersicht Ausgaben Haushalt.xlsx
2015-01-05 07:46 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-05 01:44 - 2014-03-01 15:42 - 00000000 ____D () C:\Windows\pss
2015-01-04 23:05 - 2014-01-27 10:39 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\concept design
2015-01-03 17:52 - 2013-05-03 09:20 - 00000000 ____D () C:\Users\vladimir\AppData\Roaming\dvdcss
2015-01-02 20:23 - 2013-10-08 17:28 - 00000075 _____ () C:\Users\vladimir\AppData\default.pls
2015-01-02 14:57 - 2009-07-14 18:58 - 00717634 _____ () C:\Windows\system32\perfh007.dat
2015-01-02 14:57 - 2009-07-14 18:58 - 00155194 _____ () C:\Windows\system32\perfc007.dat
2015-01-02 14:57 - 2009-07-14 06:13 - 01657428 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 13:53 - 2013-06-09 08:07 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-01-02 13:53 - 2013-06-09 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-02 13:53 - 2013-06-09 08:07 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-01-02 02:10 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-01 22:27 - 2013-05-02 14:10 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 22:27 - 2013-05-02 14:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-28 00:27 - 2013-04-29 22:52 - 00000000 ____D () C:\Users\vladimir\AppData\Local\VirtualStore
2014-12-26 11:24 - 2014-02-22 07:08 - 00001973 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-12-26 04:24 - 2013-05-02 15:25 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-24 23:12 - 2014-09-20 17:02 - 00001208 _____ () C:\Users\vladimir\Desktop\Amazon Music.lnk
2014-12-23 23:13 - 2014-07-06 16:01 - 00000000 ____D () C:\Temp
2014-12-23 23:13 - 2013-04-29 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-17 09:02 - 2013-11-03 01:10 - 00000425 _____ () C:\Users\vladimir\AppData\Local\UserProducts.xml
2014-12-16 21:06 - 2013-04-29 23:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-16 21:05 - 2014-10-13 08:26 - 00000000 ____D () C:\Users\vladimir\AppData\Local\NVIDIA Corporation
2014-12-16 21:01 - 2013-04-29 23:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-16 21:01 - 2013-04-29 23:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-13 11:08 - 2014-11-10 21:31 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 11:08 - 2014-11-05 19:53 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-13 11:08 - 2013-08-21 21:17 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-12-13 11:08 - 2013-04-29 23:28 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 09:03 - 2013-04-29 23:29 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 09:03 - 2013-04-29 23:29 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 09:03 - 2013-04-29 23:29 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 09:03 - 2013-04-29 23:29 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 09:03 - 2013-04-29 23:29 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 09:03 - 2013-04-29 23:29 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-13 03:28 - 2013-06-09 08:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-13 00:11 - 2013-04-29 23:29 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-11 04:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 03:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:11 - 2013-08-16 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:03 - 2013-04-30 05:49 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\vladimir\AppData\Local\Temp\Quarantine.exe
C:\Users\vladimir\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 12:07

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by vladimir at 2015-01-09 18:43:23
Running from C:\Users\vladimir\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft 3D Converter 5.1.15 (HKLM-x32\...\{8C9467CB-02EF-4948-B1F3-725EEFA6D571}_is1) (Version:  - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.844.1586 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Ashampoo MP3 Cover Finder v.1.0.7 (HKLM-x32\...\{5A842CF6-7E61-52D7-C64C-2F20E9D408F1}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{BED35097-6053-4E51-B9EC-A779CCCDEE72}) (Version: 2.15.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 - CometNetwork)
Dropbox (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{75F06437-40F4-4A65-BC65-FC194D6B7EBA}) (Version: 8.0.304.4 - ESET, spol s r. o.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IsoBuster 2.2 (HKLM-x32\...\IsoBuster_is1) (Version: 2.2 - Smart Projects)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\MyFreeCodec) (Version:  - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MySQL Server 5.6 (HKLM\...\{56DA0CB5-ABD2-4318-BEAB-62FDBC9B12CC}) (Version: 5.6.10 - Oracle Corporation)
Nero 8 (HKLM-x32\...\{3C5F1B30-B10B-4579-86DD-D00F662E1031}) (Version: 8.3.171 - Nero AG)
Nero Mega Plugin Pack (HKLM-x32\...\{EF901A4B-A25A-4962-83C6-C6691D062ED9}) (Version: 2.0 - MaCiO)
NetTV+ Player 4 (HKLM-x32\...\NetTV+ Player 4) (Version: 00.04.05.04 - NETTVPLUS)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
Philips Media Convertor v1.2   (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.45 -  )
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
Readon TV Movie Radio Player 7.5.0.0 (HKLM-x32\...\{03840E8D-A75E-4C49-ADFC-09A867C7F943}) (Version: 7.5.0 - Readon Technology)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SiSoftware Sandra Lite 2013.SP6 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.66.2013.10 - SiSoftware)
SIW version 2010.03.10 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.03.10 - Topala Software Solutions)
Skype™ 6.18 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0 S-Edition (HKLM-x32\...\{612E9353-8B8D-4AB0-861E-FAEBE9DC0C73}) (Version: 9.0 - Star Finanz GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tag&Rename 3.5 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.5 - Softpointer Inc)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.75 - VSO Software)
Web Companion (HKLM-x32\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XBMC (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\XBMC) (Version:  - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-01-2015 06:01:20 Removed Google Earth Plug-in.
07-01-2015 23:04:28 Windows Update
08-01-2015 17:03:30 Prüfpunkt von HitmanPro
08-01-2015 17:04:30 Prüfpunkt von HitmanPro
08-01-2015 18:54:59 Removed Adobe Acrobat 9 Pro Extended 64-bit Add-On.
09-01-2015 00:01:12 Windows Automated Installation Kit wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00B1F9A7-BDF4-419D-8598-751166276420} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001UA => C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0422EE4B-4234-42A4-BCBA-6DD0097C98E8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {1AF7B609-D127-46A7-870A-53F718E36864} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {2A3BFE24-CB74-4F4D-B3DF-3F40DB545CC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {3E855990-8677-45F6-84B6-0491CB4BC86D} - System32\Tasks\{16E21AAC-4AF4-4D32-ABC1-95D6DC75B576} => pcalua.exe -a C:\Users\vladimir\Downloads\FLVPlayerSetup.exe -d C:\Users\vladimir\Downloads
Task: {44E78B6C-129F-44DA-9C96-FA371A5718A1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4DC6540B-4B7E-4E1D-9A38-934AB14FA9F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6F6EE5BF-412D-41AA-A0D7-CACB4BAA0AE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {9C29DB38-31DC-4540-B3A5-004CE4E0C51B} - System32\Tasks\{EC862365-9A58-4D59-9ED0-D6F62FA30F8F} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {BFF5B8F5-88DD-4B53-826B-7CDA92D808ED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001Core => C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D1B659E7-EB5E-448B-8375-AE4F8264EDE6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {E9F423D4-81EB-4549-A58B-743BFD792404} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {F8E6352B-7120-43FA-B4C0-DC912430D11E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FF38BDF2-E8DE-48DB-A77B-38F35F16EF9D} - System32\Tasks\{64486A69-B48B-4A18-9470-5F44D1F26655} => pcalua.exe -a C:\Users\vladimir\Downloads\CometBird_11.0_de_setup.exe -d C:\Users\vladimir\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001Core.job => C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3746786549-4074655040-3157731495-1001UA.job => C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-29 23:29 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-20 20:39 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2013-02-01 15:09 - 2013-02-01 15:09 - 12907520 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2014-12-18 15:21 - 2014-12-18 15:21 - 02757456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2013-05-18 21:20 - 2006-12-11 01:14 - 00043008 _____ () D:\Tools\Packer - Programme\Win Rar\rarext64.dll
2013-05-02 10:47 - 2008-05-17 02:12 - 00048896 _____ () D:\Audio - Programme\TagRename\TRshell64.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-09 18:30 - 2015-01-09 18:30 - 00050477 _____ () C:\Users\vladimir\Desktop\Defogger.exe
2014-08-17 19:10 - 2011-01-13 09:44 - 00232800 _____ () D:\StarMoney\ouservice\PATCHW32.dll
2013-08-14 13:20 - 2012-04-01 07:03 - 01949184 _____ () C:\Program Files (x86)\CometBird\mozjs.dll
2014-12-10 11:20 - 2014-12-10 11:20 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear SA4VBE Device Manager.lnk => C:\Windows\pss\Philips GoGear SA4VBE Device Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk.Startup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\vladimir\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\vladimir\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B17DF3A66221A0B75A6BB6688AEBF93C => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Kies3PDLR.exe => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe Run Kies3
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MouseDriver => TiltWheelMouse.exe
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Philips Device Listener => "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
MSCONFIG\startupreg: PixelPlanet PdfPrinter-Monitor => "C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 7\PdfPrinterMonitor.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\vladimir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

========================= Accounts: ==========================

Administrator (S-1-5-21-3746786549-4074655040-3157731495-500 - Administrator - Disabled)
Familie Jost (S-1-5-21-3746786549-4074655040-3157731495-1004 - Administrator - Enabled) => C:\Users\Familie Jost
Gast (S-1-5-21-3746786549-4074655040-3157731495-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3746786549-4074655040-3157731495-1002 - Limited - Enabled)
vladimir (S-1-5-21-3746786549-4074655040-3157731495-1001 - Administrator - Enabled) => C:\Users\vladimir

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 04:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 04:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 02:38:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 02:37:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/09/2015 02:37:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/09/2015 02:35:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/09/2015 02:35:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/09/2015 02:35:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 06:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartCD.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x75164f11
ID des fehlerhaften Prozesses: 0x1f1c
Startzeit der fehlerhaften Anwendung: 0xStartCD.exe0
Pfad der fehlerhaften Anwendung: StartCD.exe1
Pfad des fehlerhaften Moduls: StartCD.exe2
Berichtskennung: StartCD.exe3

Error: (01/08/2015 11:51:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/09/2015 01:36:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:36:09 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:36:06 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:36:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:36:00 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:35:58 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:35:55 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:35:52 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 01:35:49 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (01/09/2015 07:18:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/09/2015 04:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/09/2015 04:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/09/2015 02:38:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/09/2015 02:37:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1

Error: (01/09/2015 02:37:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/09/2015 02:35:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe

Error: (01/09/2015 02:35:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe

Error: (01/09/2015 02:35:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (01/09/2015 06:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: StartCD.exe0.0.0.000000000unknown0.0.0.000000000c000041d75164f111f1c01d02b96d6e00f32E:\StartCD.exeunknownf202f3f1-97bc-11e4-a45d-001d7d087eb6

Error: (01/08/2015 11:51:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\vladimir\Downloads\esetsmartinstaller_deu(1).exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 77%
Total physical RAM: 4094.49 MB
Available physical RAM: 900.99 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5077.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:181.56 GB) NTFS
Drive d: (Programme) (Fixed) (Total:443.23 GB) (Free:191.35 GB) NTFS
Drive f: (Backup (1000 GB)) (Fixed) (Total:928.46 GB) (Free:392.08 GB) NTFS
Drive k: (Extern 1 - Musik (2000GB)) (Fixed) (Total:1863.02 GB) (Free:696.71 GB) NTFS
Drive l: (Extern 2 - Musik & Film (1500GB)) (Fixed) (Total:1397.26 GB) (Free:188.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 74058E64)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16DA9775)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 00144DCA)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002DE0F)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I'm done :-)


10.01.2015, 16:45   #6
M-K-D-B
/// TB-Ausbilder



Hi,

please tell me whether BetterMarkit still appears after the following steps and, if so, in which browser?

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
start
CloseProcesses:
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
C:\Program Files (x86)\Skillbrains
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Program Files (x86)\Enigma Software Group
C:\Users\vladimir\AppData\Roaming\22543
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
Please disable your antivirus program, as it can affect the result or possibly interfere with the cleanup.
Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file on your desktop.
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into zoek's script window:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a reboot). The log can also still be found under c:\ .
  • Please post the ZOEK log for me (preferably in CODE tags - click the # symbol in the reply window).

Step 3
Download the appropriate version of SystemLook from the following mirror and save the tool on your desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :filefind
    *BetterMarkit*
    *Lightshot*
    
    :folderfind
    *BetterMarkit*
    *Lightshot*
    
    :regfind
     BetterMarkit
    Lightshot
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.

Step 4
  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

Please post with your next reply
  • the log file of the FRST fix,
  • the log file from Zoek,
  • the log file from SystemLook,
  • both new log files from FRST.
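
Added example, not part of the post above and not FRST's own code: a small Python check for the Fixlog.txt that step 1 asks for. It lists the fixlist entries the log echoes back and flags result lines that do not report success. The sample log is constructed in the layout of the Fixlog posted later in this thread; the success keywords, the "not found" outcome line and the one-result-per-entry count are assumptions.

```python
import re

# Constructed sample in the layout of an FRST Fixlog.txt; the paths, the
# ExampleApp name and the "not found" outcome are made up for illustration.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by user at 2015-01-10 18:40:40 Run:1
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [ExampleApp] => C:\Program Files (x86)\Example\app.exe [1234 2014-11-18] ()
C:\Program Files (x86)\Example
C:\Users\user\AppData\Roaming\00000
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ExampleApp => value deleted successfully.
C:\Program Files (x86)\Example => Moved successfully.
"C:\Users\user\AppData\Roaming\00000" => not found.
EmptyTemp: => Removed 195.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:41:10 ====
"""

# The echoed fixlist sits between two lines made only of asterisks.
MARKER = re.compile(r"^\*{5,}\s*$")
# Assumption: a result line counts as successful if it contains one of these.
OK_WORDS = ("successfully", "Removed")


def parse_fixlog(text):
    """Return (fixlist entries, result lines, reboot flag) from a Fixlog."""
    lines = text.splitlines()
    marks = [i for i, line in enumerate(lines) if MARKER.match(line)]
    if len(marks) < 2:
        raise ValueError("fixlist markers not found; not a complete Fixlog")
    first, second = marks[0], marks[1]

    entries = []
    for line in lines[first + 1:second]:
        stripped = line.strip()
        # "start" and "end" only frame the fixlist, they are not directives.
        if stripped and stripped.lower() not in ("start", "end"):
            entries.append(stripped)

    results, reboot = [], False
    for line in lines[second + 1:]:
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith("===="):  # "==== End of Fixlog ... ===="
            break
        if stripped.startswith("The system needed a reboot"):
            reboot = True
            continue
        results.append(stripped)
    return entries, results, reboot


def review_fixlog(text):
    """Summarise a Fixlog: what failed and whether the counts line up."""
    entries, results, reboot = parse_fixlog(text)
    failed = [r for r in results if not any(w in r for w in OK_WORDS)]
    return {
        "entries": entries,
        "results": results,
        "failed": failed,
        # Heuristic only: assumes one result line per fixlist entry, as in
        # the Fixlog in this thread; other directives may print more lines.
        "count_mismatch": len(entries) != len(results),
        "reboot": reboot,
    }


if __name__ == "__main__":
    report = review_fixlog(SAMPLE_FIXLOG)
    print(f"{len(report['entries'])} fixlist entries, "
          f"{len(report['results'])} result lines, reboot={report['reboot']}")
    for line in report["failed"]:
        print("needs a second look:", line)
```
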

10.01.2015, 18:55   #7
Smithwicks



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by vladimir at 2015-01-10 18:40:40 Run:1
Running from C:\Users\vladimir\Desktop
Loaded Profile: vladimir (Available profiles: vladimir & Familie Jost)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
C:\Program Files (x86)\Skillbrains
HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Program Files (x86)\Enigma Software Group
C:\Users\vladimir\AppData\Roaming\22543
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Lightshot => value deleted successfully.
C:\Program Files (x86)\Skillbrains => Moved successfully.
"HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Program Files (x86)\Enigma Software Group => Moved successfully.
C:\Users\vladimir\AppData\Roaming\22543 => Moved successfully.
EmptyTemp: => Removed 195.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 18:41:10 ====
         
Code:
Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by vladimir on 10.01.2015 at 17:38:21,09.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\vladimir\Desktop\zoek.exe    [Scan all users] [Script inserted] 

==== System Restore Info ======================

10.01.2015 17:41:58 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\FAMILI~1\AppData\Roaming\CometNetwork\CometBird\Profiles\vrwmn7ah.Default User\prefs.js:

Added to C:\Users\FAMILI~1\AppData\Roaming\CometNetwork\CometBird\Profiles\vrwmn7ah.Default User\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest\prefs.js:

Added to C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest\prefs.js:

Deleted from C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433\prefs.js:

Added to C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433\prefs.js:

Deleted from C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\42cr2389.Dani 434\prefs.js:

Added to C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\42cr2389.Dani 434\prefs.js:

Deleted from C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\prefs.js:

Added to C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\prefs.js:

Deleted from C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\g4xjmmxw.Dani_380\prefs.js:

Added to C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\g4xjmmxw.Dani_380\prefs.js:

Deleted from C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\kme2kcbb.test\prefs.js:

Added to C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\kme2kcbb.test\prefs.js:

Deleted from C:\Users\vladimir\AppData\Roaming\Philips-Songbird\Profiles\t613lqgy.default\prefs.js:

Added to C:\Users\vladimir\AppData\Roaming\Philips-Songbird\Profiles\t613lqgy.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\FAMILI~1\AppData\Roaming\CometNetwork\CometBird\Profiles\vrwmn7ah.Default User
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\vladimir\AppData\Roaming\Philips-Songbird\Profiles\t613lqgy.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- ClickMovie1-Downloaderv10 - %ProfilePath%\extensions\LPESNIOB27154074@RO39491085.com
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- YouTube mp3 - %ProfilePath%\extensions\info@youtube-mp3.org.xpi
- 1-Click YouTube Video Downloader - %ProfilePath%\extensions\YoutubeDownloader@PeterOlayev.com.xpi

ProfilePath: C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433
- ClickMovie1-Downloaderv10 - %ProfilePath%\extensions\LPESNIOB27154074@RO39491085.com
- Scriptish - %ProfilePath%\extensions\scriptish@erikvold.com.xpi

ProfilePath: C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\42cr2389.Dani 434
- ClickMovie1-Downloaderv10 - %ProfilePath%\extensions\LPESNIOB27154074@RO39491085.com
- Scriptish - %ProfilePath%\extensions\scriptish@erikvold.com.xpi

ProfilePath: C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default
- ClickMovie1-Downloaderv10 - %ProfilePath%\extensions\LPESNIOB27154074@RO39491085.com
- Lightshot herramienta de captura de pantallas - %ProfilePath%\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
- Botn de Aadir a la lista de deseos Amazon > - %ProfilePath%\extensions\amznUWL2@amazon.com.xpi
- Scriptish - %ProfilePath%\extensions\scriptish@erikvold.com.xpi

ProfilePath: C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\g4xjmmxw.Dani_380
- ClickMovie1-Downloaderv10 - %ProfilePath%\extensions\LPESNIOB27154074@RO39491085.com
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

ProfilePath: C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\kme2kcbb.test
- Flash Video Downloader - YouTube HD Download [4K] - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Complete YouTube Saver - %ProfilePath%\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}

ProfilePath: C:\Users\vladimir\AppData\Roaming\Philips-Songbird\Profiles\t613lqgy.default
- Artwork Extras - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com
- Suporte cpia de CDs - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com
- Concertos - C:\Program Files (x86)\Philips\Philips Songbird\extensions\concerts@songbirdnest.com
- AAC Decoding Support - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com
- MP3 Encoding Support - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com
- File association - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com
- Philips GoGear Device Manager - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com
- gonzo - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com
- Fornecedor da pesquisa de metadados Gracenote - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com
- German de Language Pack - C:\Program Files (x86)\Philips\Philips Songbird\extensions\langpack-de@songbirdnest.com
- mashTape - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com
- MSC Device Support - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com
- MTP Device Support - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com
- Philips addon manager - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com
- Philips Branding - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com
- LikeMusic - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com
- MinimizeToTray Plus for Philips Songbird - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com
- Philips auto msc-mtp switch - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com
- Philips Promotions - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com
- Philips Skin - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com
- Philips UI - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com
- Purple Rain - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com
- Media Sharing - C:\Program Files (x86)\Philips\Philips Songbird\extensions\sharing@songbirdnest.com
- Windows Media Playback - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Familie Jost\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Familie Jost\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 10.01.2015 at 17:43:51,61 ======================
         

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:58 on 10/01/2015 by vladimir
Administrator - Elevation successful

========== filefind ==========

Searching for "*BetterMarkit*"
No files found.

Searching for "*Lightshot*"
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe	--a---- 226560 bytes	[16:42 10/12/2014]	[11:32 18/11/2014] 53C6C41356D532FEFD8056AB2906D129
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.dll	--a---- 494080 bytes	[08:02 17/12/2014]	[10:28 16/12/2014] 409D86F705DC00EBC2B7216144D51FCE
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe	--a---- 477184 bytes	[08:02 17/12/2014]	[10:28 16/12/2014] 85C275BAFD6A700980813CCFA11A5E14
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot entfernen.lnk	--a---- 1188 bytes	[08:02 17/12/2014]	[08:02 17/12/2014] AC6F35B021ABD424BC813BAB21B0EAD8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot.lnk	--a---- 1193 bytes	[08:02 17/12/2014]	[08:02 17/12/2014] CB785CB08167747DE301D9551EF7B676
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot entfernen.lnk	--a---- 1188 bytes	[08:02 17/12/2014]	[08:02 17/12/2014] AC6F35B021ABD424BC813BAB21B0EAD8
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot.lnk	--a---- 1193 bytes	[08:02 17/12/2014]	[08:02 17/12/2014] CB785CB08167747DE301D9551EF7B676
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\de\lightshot.dtd	--a---- 67 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] 2379BEE4B30FB3D1DC32EB734376F2C5
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\de\lightshot.properties	--a---- 1166 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] E39BE548AD058E72BE1D21AD721A7B4C
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\el\lightshot.dtd	--a---- 71 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] FA04D5111FF3B3D4C975D1C0BC3C9DF5
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\el\lightshot.properties	--a---- 1512 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] C49CB7258858A9AA61D67F6A89E37A8D
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\en-US\lightshot.dtd	--a---- 68 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] 808184242BE7BC2940DF8DF33C98A103
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\en-US\lightshot.properties	--a---- 880 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] 56673F2F942192F314106F05A743BA55
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\es\lightshot.dtd	--a---- 67 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] 8CE878E8196D5147C08BDF91574DBDA0
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\es\lightshot.properties	--a---- 1160 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] 37BB984DD042E779FE7956281D59711F
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\it\lightshot.dtd	--a---- 72 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] 0FF8307A7EB4B14C992DB4DF8053C155
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\it\lightshot.properties	--a---- 1137 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] 6E04525CE7B6ADA3C720D96EF89F7EF1
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\ru\lightshot.dtd	--a---- 81 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] A06DA2FCAA2EB6326EC17E9C91AB93CF
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\chrome\locale\ru\lightshot.properties	--a---- 1488 bytes	[20:19 11/09/2013]	[14:56 13/11/2012] 2387ABBBB92CA2DF7A89952896ED5F9D
C:\Windows\Prefetch\LIGHTSHOT.EXE-0E7A43D7.pf	--a---- 15420 bytes	[06:48 10/01/2015]	[06:48 10/01/2015] F784DB2D994B0390D484E50ACB88D5F7
C:\Windows\Prefetch\LIGHTSHOT.EXE-5BA57E08.pf	--a---- 31874 bytes	[06:48 10/01/2015]	[06:48 10/01/2015] B511987156CDD543246D6B6C2CD98720

========== folderfind ==========

Searching for "*BetterMarkit*"
No folders found.

Searching for "*Lightshot*"
C:\Program Files (x86)\Skillbrains\lightshot	d------	[16:42 10/12/2014]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot	d------	[08:02 17/12/2014]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Lightshot	d------	[08:02 17/12/2014]

========== regfind ==========

Searching for " BetterMarkit"
No data found.

Searching for "Lightshot"
[HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication]
"Name"="Lightshot.exe"
[HKEY_CURRENT_USER\Software\SkillBrains\Lightshot]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"="C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SkillBrains\Lightshot]
[HKEY_USERS\S-1-5-21-3746786549-4074655040-3157731495-1001\Software\Microsoft\Direct3D\MostRecentApplication]
"Name"="Lightshot.exe"
[HKEY_USERS\S-1-5-21-3746786549-4074655040-3157731495-1001\Software\SkillBrains\Lightshot]

-= EOF =-
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by vladimir at 2015-01-10 18:08:54
Running from C:\Users\vladimir\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft 3D Converter 5.1.15 (HKLM-x32\...\{8C9467CB-02EF-4948-B1F3-725EEFA6D571}_is1) (Version:  - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ad-Aware Web Companion (x32 Version: 1.1.844.1586 - Lavasoft) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Ashampoo MP3 Cover Finder v.1.0.7 (HKLM-x32\...\{5A842CF6-7E61-52D7-C64C-2F20E9D408F1}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{BED35097-6053-4E51-B9EC-A779CCCDEE72}) (Version: 2.15.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 - CometNetwork)
Dropbox (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{75F06437-40F4-4A65-BC65-FC194D6B7EBA}) (Version: 8.0.304.4 - ESET, spol s r. o.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IsoBuster 2.2 (HKLM-x32\...\IsoBuster_is1) (Version: 2.2 - Smart Projects)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MySQL Server 5.6 (HKLM\...\{56DA0CB5-ABD2-4318-BEAB-62FDBC9B12CC}) (Version: 5.6.10 - Oracle Corporation)
Nero 8 (HKLM-x32\...\{3C5F1B30-B10B-4579-86DD-D00F662E1031}) (Version: 8.3.171 - Nero AG)
Nero Mega Plugin Pack (HKLM-x32\...\{EF901A4B-A25A-4962-83C6-C6691D062ED9}) (Version: 2.0 - MaCiO)
NetTV+ Player 4 (HKLM-x32\...\NetTV+ Player 4) (Version: 00.04.05.04 - NETTVPLUS)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
Philips Media Convertor v1.2   (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.45 -  )
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
Readon TV Movie Radio Player 7.5.0.0 (HKLM-x32\...\{03840E8D-A75E-4C49-ADFC-09A867C7F943}) (Version: 7.5.0 - Readon Technology)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SiSoftware Sandra Lite 2013.SP6 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.66.2013.10 - SiSoftware)
SIW version 2010.03.10 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.03.10 - Topala Software Solutions)
Skype™ 6.18 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0 S-Edition (HKLM-x32\...\{612E9353-8B8D-4AB0-861E-FAEBE9DC0C73}) (Version: 9.0 - Star Finanz GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tag&Rename 3.5 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.5 - Softpointer Inc)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.75 - VSO Software)
Web Companion (HKLM-x32\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XBMC (HKU\S-1-5-21-3746786549-4074655040-3157731495-1001\...\XBMC) (Version:  - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3746786549-4074655040-3157731495-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

08-01-2015 17:03:30 Prüfpunkt von HitmanPro
08-01-2015 17:04:30 Prüfpunkt von HitmanPro
08-01-2015 18:54:59 Removed Adobe Acrobat 9 Pro Extended 64-bit Add-On.
09-01-2015 00:01:12 Windows Automated Installation Kit wird installiert
09-01-2015 19:42:52 AA11
10-01-2015 17:41:33 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-09 23:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0422EE4B-4234-42A4-BCBA-6DD0097C98E8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {1AF7B609-D127-46A7-870A-53F718E36864} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {2A3BFE24-CB74-4F4D-B3DF-3F40DB545CC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {3E855990-8677-45F6-84B6-0491CB4BC86D} - System32\Tasks\{16E21AAC-4AF4-4D32-ABC1-95D6DC75B576} => pcalua.exe -a C:\Users\vladimir\Downloads\FLVPlayerSetup.exe -d C:\Users\vladimir\Downloads
Task: {44E78B6C-129F-44DA-9C96-FA371A5718A1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4DC6540B-4B7E-4E1D-9A38-934AB14FA9F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6F6EE5BF-412D-41AA-A0D7-CACB4BAA0AE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {9C29DB38-31DC-4540-B3A5-004CE4E0C51B} - System32\Tasks\{EC862365-9A58-4D59-9ED0-D6F62FA30F8F} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {D1B659E7-EB5E-448B-8375-AE4F8264EDE6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {E9F423D4-81EB-4549-A58B-743BFD792404} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {F8E6352B-7120-43FA-B4C0-DC912430D11E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FF38BDF2-E8DE-48DB-A77B-38F35F16EF9D} - System32\Tasks\{64486A69-B48B-4A18-9470-5F44D1F26655} => pcalua.exe -a C:\Users\vladimir\Downloads\CometBird_11.0_de_setup.exe -d C:\Users\vladimir\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-29 23:29 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-20 20:39 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-01 15:09 - 2013-02-01 15:09 - 12907520 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-18 21:20 - 2006-12-11 01:14 - 00043008 _____ () D:\Tools\Packer - Programme\Win Rar\rarext64.dll
2013-05-02 10:47 - 2008-05-17 02:12 - 00048896 _____ () D:\Audio - Programme\TagRename\TRshell64.dll
2014-08-17 19:10 - 2011-01-13 09:44 - 00232800 _____ () D:\StarMoney\ouservice\PATCHW32.dll
2013-08-14 13:20 - 2012-04-01 07:03 - 01949184 _____ () C:\Program Files (x86)\CometBird\mozjs.dll
2014-12-10 11:20 - 2014-12-10 11:20 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear SA4VBE Device Manager.lnk => C:\Windows\pss\Philips GoGear SA4VBE Device Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk.Startup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\vladimir\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\vladimir\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\vladimir\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B17DF3A66221A0B75A6BB6688AEBF93C => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Kies3PDLR.exe => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe Run Kies3
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MouseDriver => TiltWheelMouse.exe
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Philips Device Listener => "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
MSCONFIG\startupreg: PixelPlanet PdfPrinter-Monitor => "C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 7\PdfPrinterMonitor.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\vladimir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

========================= Accounts: ==========================

Administrator (S-1-5-21-3746786549-4074655040-3157731495-500 - Administrator - Disabled)
Familie Jost (S-1-5-21-3746786549-4074655040-3157731495-1004 - Administrator - Enabled) => C:\Users\Familie Jost
Gast (S-1-5-21-3746786549-4074655040-3157731495-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3746786549-4074655040-3157731495-1002 - Limited - Enabled)
vladimir (S-1-5-21-3746786549-4074655040-3157731495-1001 - Administrator - Enabled) => C:\Users\vladimir

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-09 23:12:32.889
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 23:12:32.796
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 4094.49 MB
Available physical RAM: 1949.21 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5764.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:307.9 GB) NTFS
Drive d: (Programme) (Fixed) (Total:443.23 GB) (Free:67.71 GB) NTFS
Drive f: (Backup (1000 GB)) (Fixed) (Total:928.46 GB) (Free:402.06 GB) NTFS
Drive k: (Extern 1 - Musik (2000GB)) (Fixed) (Total:1863.02 GB) (Free:696.9 GB) NTFS
Drive l: (Extern 2 - Musik & Film (1500GB)) (Fixed) (Total:1397.26 GB) (Free:188.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 74058E64)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16DA9775)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 00144DCA)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002DE0F)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

I had the problem in Mozilla (no longer on the machine) and Chrome (which I would like to use again). Initial tests look quite good so far, but I can't imagine that it was solely down to "Lightshot" ... unless the malware modified this plugin. I have been using "Lightshot" for years and never had problems. "Better MarkIt" appeared suddenly and unexpectedly, and I have had it since January 4 or 5...

I'll test a bit more, restart the computer once more, and then report back one final time.

Thanks for now

Olli

11.01.2015, 13:16   #8
M-K-D-B
/// TB Trainer
 



Hi,

I can still see a few adware remnants in the Zoek log file.

Are there currently still any problems with BetterMarkit?

We will remove the last remnants and check everything once more. ESET can take a long time (> 2 h).
Afterwards we will remove all the tools used, and I will give you a few tips to take along.


Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
ATTFilter
start
CloseProcesses:
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest\extensions\LPESNIOB27154074@RO39491085.com
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433\extensions\LPESNIOB27154074@RO39491085.com
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\42cr2389.Dani 434\extensions\LPESNIOB27154074@RO39491085.com
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\LPESNIOB27154074@RO39491085.com
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\g4xjmmxw.Dani_380\extensions\LPESNIOB27154074@RO39491085.com
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log for me.

 






Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove ESET Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset






Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






Please post with your next reply
  • the log file of the FRST fix,
  • the log file from HitmanPro,
  • the log file from ESET,
  • the log file from SecurityCheck.

12.01.2015, 17:31   #9
Smithwicks
 



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by vladimir at 2015-01-11 20:14:53 Run:2
Running from C:\Users\vladimir\Desktop
Loaded Profile: vladimir (Available profiles: vladimir & Familie Jost)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest\extensions\LPESNIOB27154074@RO39491085.com
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433\extensions\LPESNIOB27154074@RO39491085.com
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\42cr2389.Dani 434\extensions\LPESNIOB27154074@RO39491085.com
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\LPESNIOB27154074@RO39491085.com
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\g4xjmmxw.Dani_380\extensions\LPESNIOB27154074@RO39491085.com
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest\extensions\LPESNIOB27154074@RO39491085.com => Moved successfully.
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433\extensions\LPESNIOB27154074@RO39491085.com => Moved successfully.
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\42cr2389.Dani 434\extensions\LPESNIOB27154074@RO39491085.com => Moved successfully.
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\LPESNIOB27154074@RO39491085.com => Moved successfully.
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\g4xjmmxw.Dani_380\extensions\LPESNIOB27154074@RO39491085.com => Moved successfully.
EmptyTemp: => Removed 205.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 20:15:12 ====
         
Code:
ATTFilter
HitmanPro 3.7.9.234
www.hitmanpro.com

   Computer name . . . . : VLADIMIR-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : vladimir-PC\vladimir
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (27 days left)

   Scan date . . . . . . : 2015-01-11 20:48:43
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 40s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1

   Objects scanned . . . : 4.282.270
   Files scanned . . . . : 127.740
   Remnants scanned  . . : 2.739.007 files / 1.415.523 keys

Suspicious files ____________________________________________________________

   C:\Users\vladimir\Desktop\FRST64.exe
      Size . . . . . . . : 2.124.288 bytes
      Age  . . . . . . . : 2.1 days (2015-01-09 18:33:19)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 02CB81843E988EE6F6A072E8967B76B40E589DD527A8BE5D3DD0710E5A2EAF02
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         

ESET did not write a new log. But when it finished it said: "No suspicious files found" or something similar. I only have a log file from 06.01. (I could perhaps send that separately)

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
ESET Smart Security 8.0   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Java 7 Update 67  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 ouservice StarMoneyOnlineUpdate.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
I hardly use Flash, hence outdated. The plugin is usually deactivated in the browser. But I can update it anyway.
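A check for the kind of Fixlog posted above, as an added example that is not part of the original thread and not FRST's own code: it compares the fixlist echoed between the two asterisk rows with the result lines and lists every path that was not confirmed as "Moved successfully.". The function names, the second sample log and its "not found." wording are constructed for illustration.

```python
import re

PATH_RE = re.compile(r"^[A-Za-z]:\\")   # fixlist entry that is a file-system path
OK_OUTCOME = "Moved successfully."      # wording seen in the Fixlog in this thread


def parse_fixlog(text):
    """Return (requested entries, {entry: outcome}, reboot flag) from a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed back between two rows consisting only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("echoed fixlist not found between two rows of asterisks")
    begin, end = stars[0], stars[1]
    requested = [ln for ln in lines[begin + 1:end]
                 if ln and ln.lower() not in ("start", "end")]
    outcomes = {}
    for ln in lines[end + 1:]:
        # Result lines have the shape "<entry> => <outcome>".
        if " => " in ln:
            entry, outcome = ln.split(" => ", 1)
            outcomes[entry.strip()] = outcome.strip()
    reboot = any(ln.lower().startswith("the system needed a reboot") for ln in lines)
    return requested, outcomes, reboot


def verify_fix(text):
    """Classify every requested entry; paths must be confirmed as moved."""
    requested, outcomes, reboot = parse_fixlog(text)
    report = {"moved": [], "unconfirmed": [], "directives": [], "reboot": reboot}
    for entry in requested:
        if not PATH_RE.match(entry):
            report["directives"].append(entry)      # e.g. CloseProcesses:, EmptyTemp:
        elif outcomes.get(entry) == OK_OUTCOME:
            report["moved"].append(entry)
        else:
            report["unconfirmed"].append((entry, outcomes.get(entry, "no result line")))
    return report


# Excerpt of the Fixlog from the thread (two of the five paths).
THREAD_FIXLOG = r"""
Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest\extensions\LPESNIOB27154074@RO39491085.com
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433\extensions\LPESNIOB27154074@RO39491085.com
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest\extensions\LPESNIOB27154074@RO39491085.com => Moved successfully.
C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433\extensions\LPESNIOB27154074@RO39491085.com => Moved successfully.
EmptyTemp: => Removed 205.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:15:12 ====
"""

# Constructed sample: one path reported with a different outcome (wording is an
# assumption) and one path with no result line at all, e.g. a truncated paste.
CONSTRUCTED_FIXLOG = r"""
Content of fixlist:
*****************
start
C:\Users\example\AppData\Roaming\ExampleBrowser\Profiles\aaaa.default\extensions\one@example.invalid
C:\Users\example\AppData\Roaming\ExampleBrowser\Profiles\bbbb.second\extensions\two@example.invalid
C:\Users\example\AppData\Roaming\ExampleBrowser\Profiles\cccc.third profile\extensions\three@example.invalid
end
*****************

C:\Users\example\AppData\Roaming\ExampleBrowser\Profiles\aaaa.default\extensions\one@example.invalid => Moved successfully.
C:\Users\example\AppData\Roaming\ExampleBrowser\Profiles\bbbb.second\extensions\two@example.invalid => not found.
"""

if __name__ == "__main__":
    for name, log in (("thread", THREAD_FIXLOG), ("constructed", CONSTRUCTED_FIXLOG)):
        rep = verify_fix(log)
        print(name, "moved:", len(rep["moved"]), "reboot:", rep["reboot"])
        for entry, outcome in rep["unconfirmed"]:
            print("  UNCONFIRMED:", entry, "->", outcome)
```
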

12.01.2015, 17:35   #10
M-K-D-B
/// TB Trainer
 



Hi,

any more problems with BetterMarkit in one of the browsers? If so, in which browser?

12.01.2015, 17:58   #11
Smithwicks
 



No, everything is gone so far. I'm really glad!

12.01.2015, 19:27   #12
M-K-D-B
/// TB Trainer
 



Uninstall ESET OR Ad-Aware








If you no longer have any problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.





Step 1
Change all your passwords regularly; now, after the cleanup, is an ideal time to do so!
  • Use a different password for every application and every account.
  • Change your password regularly; this is especially important for online banking or your e-mail inbox.
  • Do not save passwords on your PC, and do not pass them on to third parties.
  • A secure password consists of at least 8 characters and contains upper- and lower-case letters, numbers and special characters.
  • Do not use number or letter sequences (e.g. 12345678, qwertzui), nor number or letter patterns.
  • Do not use passwords that relate to you, your place of residence, a family member or a pet (date of birth, postal code, address, name).





Step 2
You are using outdated software on your computer, which is a security risk. You should therefore uninstall the outdated software and then install the latest version.
Follow the path Start > Control Panel > Software / Uninstall a program.
Uninstall the following programs from your computer:
  • Java 7 Update 67
  • Adobe Flash Player 15
Restart your computer after uninstalling.
Now please download and install:
Restart your computer after the installation.





Step 3
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: among other things, DelFix removes all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.







Step 4
Finally, I have a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date! A free antivirus program that we recommend would be, e.g., Avast! Free Antivirus or Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware. You can use it in addition to your antivirus program.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and potentially unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is displayed and you can download the latest version to your desktop directly from the vendor's site. This program, too, can be used in parallel with your antivirus program.
  • SpywareBlaster
    You can find a short introduction here


Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: I have a few useful add-ons for this browser here
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising on its own. A right-click on a banner to add it to AdblockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is a link in English:
    Miekemoes Blogspot (MVP)


What you should avoid:
  • Do not click on everything just because it asks you to and is nicely colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...).
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, since these installers are often bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this topic from my subscriptions.

13.01.2015, 22:28   #13
Smithwicks

Hello,

all that remains for me is to thank you most sincerely. Everything seems to be "clean" again. I only had one more network error (Microsoft Teredo Tunneling Adapter returns error code 10), which I was able to fix myself, though.

As an AV program I previously had "Microsoft Security Essentials" and the free version of Malwarebytes. In the meantime I have upgraded Malwarebytes to Premium, thrown Essentials out and installed a 30-day trial version of ESET. I think once the trial period has expired I will get the full version there as well.

Super job. I will keep recommending you.

Olli

14.01.2015, 17:36   #14
M-K-D-B
/// TB trainer

I am glad that we were able to help

In this forum you can leave brief feedback on the cleanup, if you wish:
Praise, Criticism and Wishes
To do so, click the "NEUES THEMA" button and post a little feedback. Many thanks!

This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.
