
Log analysis and evaluation: Caught Bikiniland


23.02.2015, 13:23   #1
mute13
 
Caught Bikiniland



Hello everyone,

I don't really know what exactly I did. In any case, I have caught this Bikiniland trojan and can't get it removed.

I have already read in another thread which preparatory steps should be done. So I have already run an FRST scan. Attached are my log files:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by alf (administrator) on ALF-PC on 23-02-2015 13:10:32
Running from C:\Users\alf\Downloads
Loaded Profiles: alf (Available profiles: alf & nicole)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Option) C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\Search\WebSearch.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
() C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [Amazon Music] => C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {52d18c7e-85dd-11e4-a0e1-0013779cb325} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed5fe-86cd-11e4-96d5-00f1d000f1d0} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed62f-86cd-11e4-96d5-00f1d000f1d0} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed635-86cd-11e4-96d5-001e101f4e71} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
ProxyEnable: [S-1-5-21-3266977579-4003141749-4249582801-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3266977579-4003141749-4249582801-1003] => http=127.0.0.1:8897;https=127.0.0.1:8897
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://depecheworld.de/
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> DefaultScope {E78C2635-504D-4B35-B8F8-CAD77C88FD0F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {E78C2635-504D-4B35-B8F8-CAD77C88FD0F} URL = https://www.google.com/search?q={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default
FF Homepage: hxxp://depecheworld.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3266977579-4003141749-4249582801-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\searchplugins\Binkiland.xml
FF Extension: Flash Video Downloader - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\artur.dubovoy@gmail.com [2014-01-30]
FF Extension: DownloadHelper - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-30]
FF Extension: Set Search Settings - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{e48eb377-9675-4f2b-be40-b8ba3e0d933c} [2015-02-20]
FF Extension: Adblock Plus - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-01]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-17]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-17]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-17]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1FLDB_enDE556DE556&ion=1&espv=2&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_secureddownload_15_08&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAtC0B0Ezzzzzy0DyDzyyEtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFzytN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtCyEyD0CyB0CzztG0DyByDzztGtAyBtCyBtGyEyDtAtAtGtA0AyCzztByBtA0FtC0CzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyDtA0F0CtA0EyCtGyB0AyD0AtGyEtAyE0DtG0A0A0ByEtG0AtD0BtAtDzyzztAtA0CzzyD2Q&cr=1040231234&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-03]
CHR Extension: (Google Drive) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-03]
CHR Extension: (Google Search) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-03]
CHR Extension: (Google Wallet) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Gmail) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-02-20] (SUPERAntiSpyware.com)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 DailytoolsUpdateService; C:\Windows\System32\update1.dll [352256 2014-08-23] (Dailytools GmbH) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 GtDetectSc; C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [204915 2007-11-05] (Option) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-11-19] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
R2 Search; C:\Program Files\Search\WebSearch.exe [435184 2014-12-18] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\Users\alf\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 14510131; C:\Windows\System32\DRIVERS\14510131.sys [128016 2009-09-25] (Kaspersky Lab)
R0 14510132; C:\Windows\System32\DRIVERS\14510132.sys [37392 2009-10-22] (Kaspersky Lab)
R1 82524381; C:\Windows\System32\DRIVERS\82524381.sys [128016 2009-09-25] (Kaspersky Lab)
R0 82524382; C:\Windows\System32\DRIVERS\82524382.sys [37392 2009-10-22] (Kaspersky Lab)
S2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2002-07-17] (Adaptec) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [95744 2007-07-09] (Option NV)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [51968 2007-06-26] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TSP; C:\Windows\system32\drivers\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [485920 2008-11-11] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45344 2008-11-11] (eMPIA Technology, Inc.)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2007-10-17] (Vimicro Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 13:10 - 2015-02-23 13:12 - 00028853 _____ () C:\Users\alf\Downloads\FRST.txt
2015-02-23 13:09 - 2015-02-23 13:10 - 00000000 ____D () C:\FRST
2015-02-23 13:07 - 2015-02-23 13:07 - 01126912 _____ (Farbar) C:\Users\alf\Downloads\FRST.exe
2015-02-20 13:59 - 2015-02-20 13:59 - 00050946 _____ () C:\Windows\PFRO.log
2015-02-20 13:13 - 2015-02-20 13:14 - 00032798 _____ () C:\Users\alf\Downloads\Documents\cc_20150220_131353.reg
2015-02-20 12:49 - 2015-02-20 12:49 - 00000000 ____D () C:\SUPERDelete
2015-02-17 19:38 - 2015-02-17 19:38 - 00002071 _____ () C:\Users\alf\Desktop\Sicherer Zahlungsverkehr.lnk
2015-02-17 19:03 - 2015-02-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-17 19:03 - 2015-02-17 18:59 - 00001977 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-17 18:50 - 2014-12-13 18:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-17 18:50 - 2014-11-28 18:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-17 18:50 - 2014-10-22 21:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-17 18:44 - 2015-02-17 18:46 - 197295744 _____ (Kaspersky Lab) C:\Users\alf\Downloads\kis15.0.2.361de-de.exe
2015-02-17 18:18 - 2015-02-17 18:21 - 302470552 _____ (AMD Inc.) C:\Users\alf\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-02-17 16:30 - 2015-02-17 16:30 - 00000000 ____D () C:\ProgramData\{829A6A59-D218-BBDF-639E-CB5DB31C18D3}
2015-02-17 16:29 - 2015-02-17 16:29 - 00000000 ____D () C:\Users\alf\AppData\Local\StormFall
2015-02-12 12:11 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 12:11 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 11:14 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 11:11 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 11:10 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 11:05 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 11:05 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:34 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 10:34 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 10:34 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 10:34 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 10:34 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 10:34 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 10:34 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 10:34 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 10:34 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 16:48 - 2015-02-23 13:12 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Skype
2015-02-08 16:48 - 2015-02-10 13:57 - 00002489 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-02-08 16:48 - 2015-02-10 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ___RD () C:\Program Files\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Users\alf\AppData\Local\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-02-08 16:47 - 2015-02-10 13:57 - 00000000 ____D () C:\ProgramData\Skype
2015-02-06 21:00 - 2015-02-06 21:00 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-06 21:00 - 2015-02-06 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-06 20:58 - 2015-02-06 21:00 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-06 20:58 - 2015-02-06 20:58 - 00000000 ____D () C:\Program Files\iPod
2015-01-30 16:03 - 2015-01-30 16:03 - 00134980 _____ () C:\Users\alf\Downloads\Chordify_Erasure-How-Many-Times-Graham-Foster.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 13:03 - 2006-11-02 13:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 13:03 - 2006-11-02 13:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 13:02 - 2009-02-27 22:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-23 12:34 - 2013-08-17 18:31 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 12:24 - 2012-03-30 18:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 09:34 - 2008-07-16 11:33 - 01194092 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 20:38 - 2013-08-17 18:33 - 00001923 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-22 20:26 - 2008-12-02 09:56 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2015-02-22 19:54 - 2012-05-27 22:09 - 00000000 ___RD () C:\Users\alf\Dropbox
2015-02-22 19:54 - 2012-05-27 22:05 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Dropbox
2015-02-22 19:52 - 2013-08-17 18:31 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 19:51 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-20 16:04 - 2008-04-16 00:00 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-20 16:04 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-20 13:16 - 2009-06-14 19:36 - 00000000 ____D () C:\Windows\pss
2015-02-20 13:07 - 2014-05-31 18:11 - 00000000 ____D () C:\Program Files\Steam
2015-02-20 13:06 - 2009-01-27 15:29 - 00000000 ____D () C:\Windows\Minidump
2015-02-20 13:03 - 2013-01-01 22:26 - 00000764 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-20 13:03 - 2011-07-02 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 13:03 - 2009-03-07 20:35 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 13:03 - 2009-03-07 20:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 11:59 - 2006-11-02 11:33 - 00007240 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 11:56 - 2012-02-27 23:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-17 19:15 - 2009-02-27 22:54 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-02-17 19:09 - 2009-02-01 11:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-02-17 18:58 - 2008-09-08 19:13 - 00000000 ____D () C:\Users\alf
2015-02-17 18:07 - 2008-09-08 21:30 - 00000000 ____D () C:\Users\nicole
2015-02-17 18:07 - 2008-04-16 00:17 - 00000000 ____D () C:\Windows\VMC302
2015-02-17 18:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-17 18:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-17 18:07 - 2006-11-02 11:22 - 93061120 _____ () C:\Windows\system32\config\system_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 80216064 _____ () C:\Windows\system32\config\software_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 45613056 _____ () C:\Windows\system32\config\components_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 00098304 _____ () C:\Windows\system32\config\sam_previous
2015-02-17 17:36 - 2013-05-07 15:59 - 00262144 _____ () C:\Windows\system32\config\elam
2015-02-13 11:04 - 2014-09-23 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-13 10:06 - 2012-05-27 22:09 - 00000949 _____ () C:\Users\alf\Desktop\Dropbox.lnk
2015-02-13 10:06 - 2012-05-27 22:07 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 11:46 - 2006-11-02 13:47 - 02525824 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 11:39 - 2013-08-15 17:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 11:16 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 11:13 - 2008-04-16 02:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-10 13:48 - 2012-03-13 09:07 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Spotify
2015-02-10 13:06 - 2012-03-13 09:09 - 00000000 ____D () C:\Users\alf\AppData\Local\Spotify
2015-02-09 15:18 - 2013-10-21 18:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-09 14:58 - 2009-03-12 21:41 - 00000000 ____D () C:\Program Files\Java
2015-02-09 14:56 - 2014-11-29 16:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-06 21:00 - 2012-04-01 09:56 - 00000000 ____D () C:\Program Files\iTunes
2015-02-06 20:58 - 2008-09-20 20:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-06 19:24 - 2012-03-30 18:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 19:24 - 2011-05-15 09:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-03-05 17:11 - 2014-03-20 20:43 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2009-02-24 21:36 - 2009-02-24 21:41 - 2616184 _____ () C:\Users\alf\AppData\Roaming\install.txt
2010-03-14 22:00 - 2010-03-14 22:00 - 0000018 _____ () C:\Users\alf\AppData\Roaming\userdic.tlx
2009-01-01 16:58 - 2009-09-03 19:49 - 0005402 _____ () C:\Users\alf\AppData\Roaming\UserTile.png
2013-07-27 15:15 - 2014-01-27 21:25 - 0000139 _____ () C:\Users\alf\AppData\Roaming\WB.CFG
2013-06-18 19:15 - 2014-01-27 21:25 - 0000005 _____ () C:\Users\alf\AppData\Roaming\WBPU-TTL.DAT
2008-10-28 22:10 - 2014-01-28 18:23 - 0000680 _____ () C:\Users\alf\AppData\Local\d3d9caps.dat
2008-09-09 21:20 - 2014-12-23 12:22 - 0149504 _____ () C:\Users\alf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-12 19:41 - 2009-06-12 19:41 - 0000091 _____ () C:\Users\alf\AppData\Local\fusioncache.dat
2010-02-16 22:25 - 2012-02-08 23:06 - 1184696 _____ () C:\Users\alf\AppData\Local\rx_audio.Cache
2010-02-16 22:24 - 2012-02-08 23:06 - 18382848 _____ () C:\Users\alf\AppData\Local\rx_image.Cache
2012-03-05 21:07 - 2012-03-05 21:07 - 0017408 _____ () C:\Users\alf\AppData\Local\WebpageIcons.db
2013-07-13 19:24 - 2013-07-13 19:32 - 0000008 _____ () C:\Users\alf\AppData\Local\~wmrg
2009-08-30 15:32 - 2009-09-01 16:33 - 0002060 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\alf\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiqwpv6.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-22 20:06

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
Ran by alf at 2015-02-23 13:13:12
Running from C:\Users\alf\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (HKLM\...\Adobe_25db75244653b42cb93dc27939d1c0e) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Fireworks CS4 (HKLM\...\Adobe_ccb135070a90ff24d6e7cc4bc5a59cb) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Amazon Music (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
ATI Catalyst Install Manager (HKLM\...\{9DCC214C-CD1A-1115-6775-A9056185FE4E}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 34790577.-2.1999270006.1999269020 - Audible, Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVStation Now (HKLM\...\InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}) (Version: 4.0.10.6 - Ihr Firmenname)
AVStation Now (Version: 4.0.10.6 - Ihr Firmenname) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BUDNI Fotowelt (HKLM\...\BUDNI Fotowelt) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (HKLM\...\{2433BAD7-453F-473D-BE81-455E68940DEB}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0318.2139.36886 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 120.0.214.000 - Hewlett-Packard) Hidden
Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman)
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
D6100 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
D6100_D7100_D7300_Help (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DirectXInstallService (Version: 9.0.1 - Roxio) Hidden
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2103 - CyberLink Corporation)
East-Tec DisposeSecure 2006 Enterprise Version 3.5 (HKLM\...\East-Tec DisposeSecure 2006 Enterprise_is1) (Version:  - EAST Technologies)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.1 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.0.14 - )
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Ihr Firmenname)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Exact Audio Copy 0.99pb3 (HKLM\...\Exact Audio Copy) (Version: 0.99pb3 - Andre Wiethoff)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Firefighters 2014 (HKLM\...\Steam App 291910) (Version:  - VIS - Visual Imagination Software)
GEAR driver installer 4.020 (HKLM\...\{983CFCAC-5C96-4018-8BEC-D6581644C654}) (Version: 4.020.5 - GEAR Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Deskjet & Photosmart Printer Driver Software 8.0.A (HKLM\...\{981DE354-9301-440f-AAFC-025AA2354A93}) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP PrecisionScan LTX (HKLM\...\HP PrecisionScan LTX) (Version:  - )
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.361 - Kaspersky Lab) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
LabelPrint 2.0 (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version:  - )
Lansweeper 3.2 (HKLM\...\Lansweeper_is1) (Version: 3.2 - Lansweeper.com)
LightScribe  1.8.15.1 (Version: 1.8.15.1 - hxxp://www.lightscribe.com) Hidden
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Namo WebEditor 8 (HKLM\...\{D3507473-2CE3-4073-A6BA-A0846B5CC687}) (Version: 8.00.000 - Namo Interactive, Inc.)
Nero 8 (HKLM\...\{B944FA21-81AF-4A77-8328-CE4F4CC51031}) (Version: 8.10.20 - Nero AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.47 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.47 - Ihr Firmenname) Hidden
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.1 - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2802.0 - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074429(3.7)_Vista_SSPC - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5659 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution II (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 1.0.3.21 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SF_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
SF_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Skins (Version: 2008.0318.2139.36886 - ATI) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version:  - )
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.2160.11 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.2160.11 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.2160.11 - TuneUp Software) Hidden
Ulead GIF Animator 5 (HKLM\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VueScan x32 (HKLM\...\VueScan x32) (Version:  - )
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
web'n'walk Manager (HKLM\...\{25DEC9F7-08C7-4511-9B4A-40A61E40658E}) (Version: 2.5.0.68 - Option NV)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.0.1.5000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5000 - WIDCOMM, Inc.)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-02-2015 10:56:09 Geplanter Prüfpunkt
22-02-2015 21:10:20 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2013-03-15 17:31 - 00000147 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11DEB8AD-8E8C-419C-9F28-016A1A1AD042} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()
Task: {15AACBCD-297F-4BB0-AB85-AB400AC60522} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {21F9C1A5-3777-4A83-9D09-83197CE45669} - System32\Tasks\{AB9605BB-53F4-494E-AE24-32FB6BA003F3} => pcalua.exe -a C:\Users\alf\Downloads\INSTALL.EXE -d C:\Users\alf\Downloads
Task: {264C2D85-4D5C-48FB-9363-5D0CC6859E69} - System32\Tasks\{6D9A986F-D59D-421B-831B-EA8AA0DEF238} => pcalua.exe -a "C:\Users\alf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TP1BFNC\vlc[1].exe" -d C:\Users\alf\Desktop
Task: {2AA082C7-4803-4954-B360-FF0E5BC76E68} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-01-02] (SAMSUNG Electronics co., LTD.)
Task: {2B8DA84C-C3AF-4A6E-BB38-C16B0B72FAFC} - System32\Tasks\Microsoft\Windows\RestartManager\{92ADDA93-CC20-4b30-8ED0-D8B450D62735} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {42016A41-AF7B-4605-86F6-9DA4A299A70E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4F3F5B76-406E-40B7-94CD-8BD3C1163081} - System32\Tasks\{CF628063-ABC7-480C-BD11-65B3E8D0773F} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11"
Task: {560263C3-F387-4F2A-8AB2-F60B20106E19} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software)
Task: {578A8F9A-D86C-4B43-BB35-831D6DA7E1EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {578F03D0-EE09-4B88-8CDB-BB25BAE85976} - System32\Tasks\Microsoft\Windows\RestartManager\{5577BCA0-7EED-4e1e-AD1E-5325F08E3608} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {58E271A3-5212-4CC5-BCA1-9190A360B28B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {66636432-B073-4797-9DB4-D68B08855FDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {76D47263-9F0C-4474-B644-4BEC73D0EAA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {7F369FDF-17D5-4130-B165-7917412526D4} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {82583C58-CBA8-4AC1-A74E-8CE24ADE034E} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-12-28] (Samsung Electronics Co., Ltd.)
Task: {827EAA49-9A57-4686-AFE9-C82866E5C0AD} - System32\Tasks\advSRSII => C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe [2008-01-30] ()
Task: {8BF12B5C-D95F-479D-833E-EF0E03E76985} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {999BD4AD-CB5B-43F6-86D9-30E8C1B0B88F} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {B6FAED13-534C-4A73-80DD-01F6B6D4BC88} - System32\Tasks\{385CEB9D-3E12-4A4D-87B1-FD8BBC53EA74} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17"
Task: {C1C46FF6-7EA2-4B8B-9405-6113FED34DD7} - System32\Tasks\{3F0472EA-5B61-440E-BD66-7371BC1CE214} => pcalua.exe -a E:\EMC_100\BIN\DotNetFX.exe -d E:\ -c /q:a /c:"install /l /q"
Task: {C599191B-7D1C-4794-BD13-42607939D790} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {D9ED82AA-A714-40E1-84F5-FEC679BEE95E} - System32\Tasks\Microsoft\Windows\RestartManager\{5C024DC4-95AB-47d0-A784-B08DE36E3C6F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E12679BA-7AFE-4C57-9320-951BE12D7ADA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - alf => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {EC7BFDA4-4533-4C92-95E6-2AFF5B0DDB81} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.)
Task: {F8A5340B-69BF-4AEE-9F50-6E30203EF659} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-06-01] (SAMSUNG Electronics)
Task: {FB3124CF-9294-4236-82B0-D1B1037E56AD} - System32\Tasks\{FDB66AAD-065A-4401-A416-6116F367E2FF} => pcalua.exe -a C:\Users\alf\Downloads\sj644ge\SETUP.EXE -d C:\Users\alf\Downloads\sj644ge

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D403DEC0-4150-4592-8848-B141569C6080}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-17 12:26 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2008-04-16 00:22 - 2006-12-19 14:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-08-08 22:13 - 2014-12-18 17:20 - 00435184 _____ () C:\Program Files\Search\WebSearch.exe
2008-12-01 16:16 - 2005-10-07 15:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2008-04-15 06:40 - 2008-03-18 14:04 - 00159744 ____N () C:\Windows\system32\atitmmxx.dll
2008-04-16 00:43 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2008-04-16 00:39 - 2008-01-30 04:00 - 01926144 _____ () C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
2008-04-16 00:39 - 2007-12-09 07:08 - 02811392 _____ () C:\Program Files\Samsung\Samsung Recovery Solution II\Resdll.dll
2008-04-16 02:14 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-04-16 00:37 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-04-16 00:37 - 2006-09-19 01:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll
2014-10-06 23:15 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-22 19:54 - 2015-02-22 19:54 - 00043008 _____ () c:\users\alf\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiqwpv6.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2008-03-18 04:21 - 2008-03-18 04:21 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00237352 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\alf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dienst-Manager.lnk => C:\Windows\pss\Dienst-Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk => C:\Windows\pss\Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk => C:\Windows\pss\web'n'walk Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^alf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^alf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Windows Calendar.lnk => C:\Windows\pss\Windows Calendar.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\alf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040509 serial=dr12cub-5137358-mcc lang=DE
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LELA => "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files\pdf24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\alf\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\alf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe
MSCONFIG\startupreg: Windows Defender => "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide

==================== Accounts: =============================

Administrator (S-1-5-21-3266977579-4003141749-4249582801-500 - Administrator - Disabled)
alf (S-1-5-21-3266977579-4003141749-4249582801-1003 - Administrator - Enabled) => C:\Users\alf
ASPNET (S-1-5-21-3266977579-4003141749-4249582801-1007 - Limited - Enabled)
Gast (S-1-5-21-3266977579-4003141749-4249582801-501 - Limited - Disabled)
nicole (S-1-5-21-3266977579-4003141749-4249582801-1004 - Limited - Enabled) => C:\Users\nicole

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 09:33:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40741611

Error: (02/23/2015 09:33:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40741611

Error: (02/23/2015 09:33:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/23/2015 09:33:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40740597

Error: (02/23/2015 09:33:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40740597

Error: (02/23/2015 09:33:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/23/2015 09:33:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40739599

Error: (02/23/2015 09:33:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40739599

Error: (02/23/2015 09:33:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/23/2015 09:33:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40738601


System errors:
=============
Error: (02/22/2015 07:53:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Search

Error: (02/22/2015 07:53:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/22/2015 07:52:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SessionLauncher%%3

Error: (02/22/2015 07:52:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Aspi32%%2

Error: (02/22/2015 07:52:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/20/2015 02:46:38 PM) (Source: DCOM) (EventID: 10016) (User: alf-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}alf-PCalfS-1-5-21-3266977579-4003141749-4249582801-1003LocalHost (unter Verwendung von LRPC)

Error: (02/20/2015 02:01:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Search

Error: (02/20/2015 02:01:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/20/2015 02:01:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SessionLauncher%%3

Error: (02/20/2015 02:01:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Aspi32%%2


Microsoft Office Sessions:
=========================
Error: (01/03/2015 09:35:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1343 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (12/17/2014 00:35:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/07/2013 06:35:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/22/2013 05:26:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13832 seconds with 7920 seconds of active time.  This session ended with a crash.

Error: (01/06/2012 10:59:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2611 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/16/2011 06:47:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/16/2010 07:16:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 237 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/20/2010 08:25:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 80 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/08/2010 02:49:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1450 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/01/2010 05:38:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 258 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-23 13:12:54.026
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 13:12:53.073
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 13:12:52.102
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 13:12:51.129
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 13:12:49.865
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 13:12:48.900
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 13:12:47.924
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 13:12:46.958
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 13:12:45.923
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 13:12:44.957
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 62%
Total physical RAM: 3069.45 MB
Available physical RAM: 1143.38 MB
Total Pagefile: 6375.21 MB
Available Pagefile: 3918.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144 GB) (Free:20.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144.09 GB) (Free:35.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: BD17C37C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

I hope you can perhaps help me.
Thanks a lot in advance!!!

Alt 23.02.2015, 13:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist, in CODE tags!
Only logs from the last 7 days, or from the time since the problem started, are relevant!




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post them directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Alt 23.02.2015, 17:29   #3
mute13
 



I ran SuperAntiSpy over it once more:

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/23/2015 at 05:27 PM

Application Version : 6.0.1170
Database Version : 11759

Scan type       : Quick Scan
Total Scan Time : 00:06:15

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 774
Memory threats detected   : 0
Registry items scanned    : 21216
Registry threats detected : 0
File items scanned        : 4732
File threats detected     : 29

Adware.Tracking Cookie
	.imrworldwide.com [ C:\USERS\ALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CDCPTM33.DEFAULT\COOKIES.SQLITE ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\3BIPE8C8.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\3BIPE8C8.txt [ /revsci.net ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\LTTPY0NZ.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\LTTPY0NZ.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\LDGAMC4U.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\LDGAMC4U.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\PETT42KO.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\PETT42KO.txt [ /adform.net ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\EWH21XIK.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\EWH21XIK.txt [ /c1.adform.net ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\QR7XSKUK.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\QR7XSKUK.txt [ /ad.360yield.com ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\H8EUEQMI.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\H8EUEQMI.txt [ /casalemedia.com ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\J9XM05LZ.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\J9XM05LZ.txt [ /smartadserver.com ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\VPAMYNLT.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\VPAMYNLT.txt [ /doubleclick.net ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\VXRJLUSA.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\VXRJLUSA.txt [ /burstnet.com ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\3PK6K3FG.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\3PK6K3FG.txt [ /at.atwola.com ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\HLVAOP23.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\HLVAOP23.txt [ /adtech.de ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\RP0A9KXG.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\RP0A9KXG.txt [ /www.usenext.de ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\U8X2J5Y9.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\U8X2J5Y9.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\RV2271PA.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\RV2271PA.txt [ /adfarm1.adition.com ]
	C:\USERS\ALF\Cookies\3BIPE8C8.txtC:\USERS\ALF\Cookies\3BIPE8C8.txt [ Cookie:alf@revsci.net/ ]
	C:\USERS\ALF\Cookies\LTTPY0NZ.txtC:\USERS\ALF\Cookies\LTTPY0NZ.txt [ Cookie:alf@ad2.adfarm1.adition.com/ ]
	C:\USERS\ALF\Cookies\LDGAMC4U.txtC:\USERS\ALF\Cookies\LDGAMC4U.txt [ Cookie:alf@ad1.adfarm1.adition.com/ ]
	C:\USERS\ALF\Cookies\PETT42KO.txtC:\USERS\ALF\Cookies\PETT42KO.txt [ Cookie:alf@adform.net/ ]
	C:\USERS\ALF\Cookies\EWH21XIK.txtC:\USERS\ALF\Cookies\EWH21XIK.txt [ Cookie:alf@c1.adform.net/ ]
	C:\USERS\ALF\Cookies\H8EUEQMI.txtC:\USERS\ALF\Cookies\H8EUEQMI.txt [ Cookie:alf@casalemedia.com/ ]
	C:\USERS\ALF\Cookies\VPAMYNLT.txtC:\USERS\ALF\Cookies\VPAMYNLT.txt [ Cookie:alf@doubleclick.net/ ]
	C:\USERS\ALF\Cookies\VXRJLUSA.txtC:\USERS\ALF\Cookies\VXRJLUSA.txt [ Cookie:alf@burstnet.com/ ]
	C:\USERS\ALF\Cookies\3PK6K3FG.txtC:\USERS\ALF\Cookies\3PK6K3FG.txt [ Cookie:alf@at.atwola.com/ ]
	C:\USERS\ALF\Cookies\HLVAOP23.txtC:\USERS\ALF\Cookies\HLVAOP23.txt [ Cookie:alf@adtech.de/ ]
	C:\USERS\ALF\Cookies\RP0A9KXG.txtC:\USERS\ALF\Cookies\RP0A9KXG.txt [ Cookie:alf@www.usenext.de/ ]
	C:\USERS\ALF\Cookies\U8X2J5Y9.txtC:\USERS\ALF\Cookies\U8X2J5Y9.txt [ Cookie:alf@ad3.adfarm1.adition.com/ ]
	C:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\Low\4VQCYI4W.txtC:\Users\alf\AppData\Roaming\Microsoft\Windows\Cookies\Low\4VQCYI4W.txt [ /imrworldwide.com ]

============
 End of Log 
============
         

23.02.2015, 21:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

So what did I write there in extra-bold?

Quote:
Quote from cosinus
Please do not run any new virus scans; for now, just post the logs you already have, in CODE tags!
Only logs from the last 7 days, or from since the problem began, are relevant!
__________________
Please always post log files in CODE tags

23.02.2015, 21:20   #5
mute13

Oops, very sorry!!!
And now what?


23.02.2015, 21:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

So what about the logs now??
Please state clearly what the situation is!

23.02.2015, 21:40   #7
mute13

I posted the logs above. I don't have any other logs.

23.02.2015, 22:22   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I actually just wanted a clear statement regarding my two lines posted in bold... no new runs with virus scanners were supposed to be made. There isn't so much information in two lines that one couldn't remember it...

Please note for the future:
Quote:
Running from C:\Users\alf\Downloads
Unfortunately you did not follow our instructions correctly:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written for that.
In addition, all the tools used can then be removed very easily at the end of the cleanup.
Leave all tools on the desktop until the end of the cleanup; we may need some of them more than once.


Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT beforehand, then download them afresh to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Please always post log files in CODE tags

23.02.2015, 23:56   #9
mute13

OK, will do.

Regarding step 1:

Code:
ATTFilter
# AdwCleaner v4.111 - Bericht erstellt 23/02/2015 um 23:15:22
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : alf - ALF-PC
# Gestarted von : C:\Users\alf\Desktop\AdwCleaner_4.111.exe
# Option : Suchlauf

***** [ Dienste ] *****

Dienst Gefunden : DailytoolsUpdateService
Dienst Gefunden : Search

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\user.js
Datei Gefunden : C:\Windows\system32\update1.dll
Ordner Gefunden : C:\Program Files\Fighters
Ordner Gefunden : C:\Program Files\Mipony
Ordner Gefunden : C:\Program Files\Search
Ordner Gefunden : C:\ProgramData\Fighters
Ordner Gefunden : C:\Users\alf\AppData\Roaming\GrabPro
Ordner Gefunden : C:\Users\alf\AppData\Roaming\Gutscheinmieze
Ordner Gefunden : C:\Users\alf\AppData\Roaming\Mipony
Ordner Gefunden : C:\Users\alf\AppData\Roaming\ProgSense

***** [ Geplante Tasks ] *****

Task Gefunden : Dealply
Task Gefunden : DSite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;www.joosoft.com
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8897;hxxps=127.0.0.1:8897
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mipony Download Manager Packages
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NCH_DE Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gefunden : HKCU\Software\ProgSense
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gefunden : HKLM\SOFTWARE\Joosoft.com
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Wert Gefunden : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsInstallerService]
Wert Gefunden : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsUpdateService]
Wert Gefunden : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [Update-Service-Installer-Service]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16609


-\\ Mozilla Firefox v26.0 (de)


-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [25355 Bytes] - [10/04/2014 14:46:05]
AdwCleaner[R1].txt - [2842 Bytes] - [23/02/2015 23:15:22]
AdwCleaner[S0].txt - [24213 Bytes] - [10/04/2014 14:49:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2961 Bytes] ##########
         
Regarding step 2:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by alf on 23.02.2015 at 23:33:56,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\alf\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Program Files\fighters"
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{010B85C9-0441-46C0-993D-9FD573B257EB}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{096BBB16-E7E3-4DEC-8FE0-0C86719B5F10}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{0B48F92D-3880-422A-81CA-F1905C8E34C7}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{0E5274EA-B959-48C1-9C9B-941863A90A58}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{10C46C7F-9178-492D-96EC-7B6CEA2AD4A4}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{11456F85-B81E-4209-9518-42A26FAE35C0}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{1365B6C8-8659-4FDA-AC07-AACF9810DB62}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{1603CE62-271C-4B1F-B45D-7D8EA87BE5EA}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{17A1106A-3184-4AED-9F1D-D76B70DABBD7}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{1B80C161-EBBB-49BF-A1E0-B24B6C6E1C38}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{1F777BB8-7373-45A8-BF3B-B7B50AC01152}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{210B3E6D-CCE7-41AC-8B12-25B91B8AB821}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{266B3A58-0C68-4561-9879-163E9CADA353}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{27B0E040-6EF6-4B9C-8807-21CCCA545E49}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{2E8B32D4-23D8-4D66-8F89-354B5BBE7FB6}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{31BC0686-3164-4653-97B1-56A4F68CA6DB}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{39FD09D0-C5C0-4B2B-83E9-472A824C0330}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{3EC30465-CDDB-45AC-952A-187A4EFAC5FF}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{3F63A58E-6D24-483E-A0B6-B4A5B94DE545}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{414D33CD-8487-4AE9-BCC2-3B21C9B64553}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{4D5A5EDC-4851-4B16-AB35-11D0AF0841E0}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{4FD1C17A-3FA3-45AB-B26C-DB7A142C6BD0}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{66C15369-65FA-473E-A614-328B1E9B6B14}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{6ABAE28E-FB31-4176-9382-EC3FD66CF022}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{6C319522-28ED-40CD-8830-66A14F42A83C}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{6F133E30-F5F5-41AE-B8E1-74005653EA50}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{71323F51-7F4B-4026-8988-E8A852BCEE04}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{729D8F3A-627B-4E9C-BED2-C495082D5ABB}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{74D5C103-1319-49C4-8BF0-9C9C2F58AFC0}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{7A1AC33C-E30A-44BE-948C-7A194F8FFCDE}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{7AF1AD18-55DF-466E-8B82-002092E94C06}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{7B6C3A0A-35F5-442D-8F54-8DFF5C1D019E}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{7C6AE89F-445B-4264-9E65-647419E7B0BF}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{7EAFA4C3-8055-413E-A8B0-6FE4AD62A78A}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{841F67C8-A9F1-4B00-85B2-95ECE8200D0C}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{8472A0B0-ED37-4EC6-AD4B-47415C11C527}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{85DD666A-2546-4441-B0EF-3A3866CB9085}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{862A5D02-0E30-4DE4-906C-B4C1BFF9C06D}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{868EB238-CC08-4433-B9F2-081982510FA8}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{898CBF23-033C-4828-97C2-13B1645EC1B4}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{89A4D349-8B0B-43CB-9C1D-054C06BEAAB8}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{8DA32634-4949-4371-91BC-8CD36AD2384A}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{8DBC7F6D-7C22-40F3-B769-E8F6BA4CFF16}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{8DE08E76-66F0-4604-BFE0-EB0C65DE3F8F}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{95DBDC8C-4B7B-4248-8E2D-EA2381A84047}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{A40A8481-FBE2-4C35-B9C6-4F410414EB2A}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{AB4BE6A3-7ADD-4524-9462-CA87925F4F20}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{AD004B91-F9D0-4635-B96A-AFBDEF67EB76}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{B27884DC-0839-4354-9BCA-9A2AC85B2C46}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{BC4FC211-8256-439C-BC25-ED49B5565993}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{BCF61780-5E02-4960-81C7-ABBCCD2D3FA6}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{BF60BEC0-0561-4D60-90A8-779C9DD65116}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{BFD228B0-2C0C-43AC-B271-39A29333671F}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{C1306282-10D7-4164-A392-9FCD1D42B881}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{C3D478B6-CEB6-41A5-BE79-CA15B817AC91}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{C6BEED21-1A72-4BD2-8881-63BC045C2441}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{C8B92613-A954-47FE-8367-A8A0EEC61DD5}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{C9036DAE-058C-4FD9-A50B-D7D566CC91EC}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{CE8522E8-9BE3-4CA7-BC3E-898FD34291D7}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{CF01A695-1FAE-4357-B32E-1A1D81A129EA}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{DC6C99ED-438E-41DD-A5A3-1690A4915DCA}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{E97C1BDD-BD84-4BB3-A383-5B8B484790BA}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{EF5DE92E-B147-4152-9CC7-9AA6AB9BDC4B}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{EFB7A1F2-01CB-428D-8774-494398FD25CC}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{EFF24C0B-9DA7-47B0-8D08-A8D9D24DAB81}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{F259229B-F0BF-4CBF-AEA7-6584141C2103}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{F55146DE-4196-4A10-971A-148BFF994697}
Successfully deleted: [Empty Folder] C:\Users\alf\appdata\local\{FDAB557B-8994-40DD-9209-3BA1A60E1584}



~~~ FireFox

Successfully deleted: [File] C:\Users\alf\AppData\Roaming\mozilla\firefox\profiles\cdcptm33.default\user.js
Emptied folder: C:\Users\alf\AppData\Roaming\mozilla\firefox\profiles\cdcptm33.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.02.2015 at 23:38:21,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Regarding step 3:

FRST log file:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by alf (administrator) on ALF-PC on 23-02-2015 23:48:29
Running from C:\Users\alf\Desktop
Loaded Profiles: alf (Available profiles: alf & nicole)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Option) C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\Search\WebSearch.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Dropbox, Inc.) C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [Amazon Music] => C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {4607f76d-5321-11dd-b0f4-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {52d18c7e-85dd-11e4-a0e1-0013779cb325} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed5fe-86cd-11e4-96d5-00f1d000f1d0} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed62f-86cd-11e4-96d5-00f1d000f1d0} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed635-86cd-11e4-96d5-001e101f4e71} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
ProxyEnable: [S-1-5-21-3266977579-4003141749-4249582801-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3266977579-4003141749-4249582801-1003] => http=127.0.0.1:8897;https=127.0.0.1:8897
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://depecheworld.de/
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> DefaultScope {E78C2635-504D-4B35-B8F8-CAD77C88FD0F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {E78C2635-504D-4B35-B8F8-CAD77C88FD0F} URL = https://www.google.com/search?q={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default
FF Homepage: hxxp://depecheworld.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3266977579-4003141749-4249582801-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Flash Video Downloader - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\artur.dubovoy@gmail.com [2014-01-30]
FF Extension: DownloadHelper - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-30]
FF Extension: Set Search Settings - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{e48eb377-9675-4f2b-be40-b8ba3e0d933c} [2015-02-20]
FF Extension: Adblock Plus - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-01]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-17]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-17]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-17]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1FLDB_enDE556DE556&ion=1&espv=2&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_secureddownload_15_08&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAtC0B0Ezzzzzy0DyDzyyEtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFzytN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtCyEyD0CyB0CzztG0DyByDzztGtAyBtCyBtGyEyDtAtAtGtA0AyCzztByBtA0FtC0CzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyDtA0F0CtA0EyCtGyB0AyD0AtGyEtAyE0DtG0A0A0ByEtG0AtD0BtAtDzyzztAtA0CzzyD2Q&cr=1040231234&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-03]
CHR Extension: (Google Drive) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-03]
CHR Extension: (Google Search) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-03]
CHR Extension: (Google Wallet) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Gmail) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-02-20] (SUPERAntiSpyware.com)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 DailytoolsUpdateService; C:\Windows\System32\update1.dll [352256 2014-08-23] (Dailytools GmbH) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 GtDetectSc; C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [204915 2007-11-05] (Option) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-11-19] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
R2 Search; C:\Program Files\Search\WebSearch.exe [435184 2014-12-18] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\Users\alf\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 14510131; C:\Windows\System32\DRIVERS\14510131.sys [128016 2009-09-25] (Kaspersky Lab)
R0 14510132; C:\Windows\System32\DRIVERS\14510132.sys [37392 2009-10-22] (Kaspersky Lab)
R1 82524381; C:\Windows\System32\DRIVERS\82524381.sys [128016 2009-09-25] (Kaspersky Lab)
R0 82524382; C:\Windows\System32\DRIVERS\82524382.sys [37392 2009-10-22] (Kaspersky Lab)
S2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2002-07-17] (Adaptec) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [95744 2007-07-09] (Option NV)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [51968 2007-06-26] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TSP; C:\Windows\system32\drivers\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [485920 2008-11-11] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45344 2008-11-11] (eMPIA Technology, Inc.)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2007-10-17] (Vimicro Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 23:38 - 2015-02-23 23:38 - 00008239 _____ () C:\Users\alf\Desktop\JRT.txt
2015-02-23 23:33 - 2015-02-23 23:33 - 01388274 _____ (Thisisu) C:\Users\alf\Desktop\JRT.exe
2015-02-23 23:30 - 2015-02-23 23:30 - 00003040 _____ () C:\Users\alf\Desktop\AdwCleaner[R1].txt
2015-02-23 23:12 - 2015-02-23 23:12 - 02126848 _____ () C:\Users\alf\Desktop\AdwCleaner_4.111.exe
2015-02-23 18:40 - 2015-02-23 18:41 - 00000000 ____D () C:\Users\alf\Downloads\Sunrise_Avenue-Fairytales-Best_Of_2006-2014_(Orchestral-Live)-3CD-2015-VOiCE
2015-02-23 18:32 - 2015-02-23 18:40 - 207000000 _____ () C:\Users\alf\Downloads\Sunrise_Avenue-Fairytales-Best_Of_2006-2014_(Orchestral-Live)-3CD-2015-VOiCE.rar
2015-02-23 18:30 - 2015-02-23 18:30 - 103720351 _____ () C:\Users\alf\Downloads\Sunrise_Avenue-Fairytales-Best_Of_2006-2014_(Orchestral-Live)-3CD-2015-VOiCE.r00
2015-02-23 18:01 - 2015-02-23 18:01 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-02-23 13:57 - 2015-02-23 23:13 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 13:53 - 2015-02-23 13:53 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-23 13:53 - 2015-02-23 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-23 13:53 - 2015-02-23 13:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-23 13:53 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-23 13:53 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-23 13:53 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-23 13:15 - 2015-02-23 23:48 - 00028238 _____ () C:\Users\alf\Desktop\FRST.txt
2015-02-23 13:15 - 2015-02-23 13:15 - 00047653 _____ () C:\Users\alf\Desktop\Addition.txt
2015-02-23 13:13 - 2015-02-23 13:14 - 00047653 _____ () C:\Users\alf\Downloads\Addition.txt
2015-02-23 13:10 - 2015-02-23 13:14 - 00042466 _____ () C:\Users\alf\Downloads\FRST.txt
2015-02-23 13:09 - 2015-02-23 23:48 - 00000000 ____D () C:\FRST
2015-02-23 13:07 - 2015-02-23 13:07 - 01126912 _____ (Farbar) C:\Users\alf\Desktop\FRST.exe
2015-02-20 13:59 - 2015-02-23 18:12 - 00052648 _____ () C:\Windows\PFRO.log
2015-02-20 13:13 - 2015-02-20 13:14 - 00032798 _____ () C:\Users\alf\Downloads\Documents\cc_20150220_131353.reg
2015-02-20 12:49 - 2015-02-20 12:49 - 00000000 ____D () C:\SUPERDelete
2015-02-17 19:38 - 2015-02-17 19:38 - 00002071 _____ () C:\Users\alf\Desktop\Sicherer Zahlungsverkehr.lnk
2015-02-17 19:03 - 2015-02-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-17 19:03 - 2015-02-17 18:59 - 00001977 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-17 18:50 - 2014-12-13 18:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-17 18:50 - 2014-11-28 18:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-17 18:50 - 2014-10-22 21:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-17 18:44 - 2015-02-17 18:46 - 197295744 _____ (Kaspersky Lab) C:\Users\alf\Downloads\kis15.0.2.361de-de.exe
2015-02-17 18:18 - 2015-02-17 18:21 - 302470552 _____ (AMD Inc.) C:\Users\alf\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-02-17 16:30 - 2015-02-17 16:30 - 00000000 ____D () C:\ProgramData\{829A6A59-D218-BBDF-639E-CB5DB31C18D3}
2015-02-17 16:29 - 2015-02-17 16:29 - 00000000 ____D () C:\Users\alf\AppData\Local\StormFall
2015-02-12 12:11 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 12:11 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 11:14 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 11:11 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 11:10 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 11:05 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 11:05 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:34 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 10:34 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 10:34 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 10:34 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 10:34 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 10:34 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 10:34 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 10:34 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 10:34 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 16:48 - 2015-02-23 23:13 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Skype
2015-02-08 16:48 - 2015-02-10 13:57 - 00002489 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-02-08 16:48 - 2015-02-10 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ___RD () C:\Program Files\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Users\alf\AppData\Local\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-02-08 16:47 - 2015-02-10 13:57 - 00000000 ____D () C:\ProgramData\Skype
2015-02-06 21:00 - 2015-02-06 21:00 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-06 21:00 - 2015-02-06 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-06 20:58 - 2015-02-06 21:00 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-06 20:58 - 2015-02-06 20:58 - 00000000 ____D () C:\Program Files\iPod
2015-01-30 16:03 - 2015-01-30 16:03 - 00134980 _____ () C:\Users\alf\Downloads\Chordify_Erasure-How-Many-Times-Graham-Foster.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 23:45 - 2009-02-27 22:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-23 23:34 - 2013-08-17 18:31 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 23:33 - 2008-07-16 11:33 - 01233649 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 23:24 - 2012-03-30 18:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 23:23 - 2006-11-02 13:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 23:23 - 2006-11-02 13:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 23:17 - 2014-04-10 14:45 - 00000000 ____D () C:\AdwCleaner
2015-02-23 21:43 - 2008-12-02 09:56 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2015-02-23 21:30 - 2012-05-27 22:09 - 00000000 ___RD () C:\Users\alf\Dropbox
2015-02-23 21:30 - 2012-05-27 22:05 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Dropbox
2015-02-23 21:29 - 2013-08-17 18:31 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 21:23 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 21:21 - 2008-04-16 00:00 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-23 21:21 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-23 18:17 - 2008-09-08 19:15 - 00152568 _____ () C:\Users\alf\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 18:14 - 2006-11-02 13:47 - 02525784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 18:05 - 2008-04-16 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-23 18:05 - 2008-04-16 02:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-23 18:03 - 2008-04-16 02:38 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-23 18:02 - 2008-04-16 02:39 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-02-23 18:02 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\MSBuild
2015-02-23 18:02 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-23 18:01 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\ShellNew
2015-02-23 17:52 - 2006-11-02 11:23 - 00000404 _____ () C:\Windows\win.ini
2015-02-23 17:20 - 2012-02-27 23:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-23 14:30 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-02-23 13:53 - 2009-03-01 20:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-22 20:38 - 2013-08-17 18:33 - 00001923 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 13:16 - 2009-06-14 19:36 - 00000000 ____D () C:\Windows\pss
2015-02-20 13:07 - 2014-05-31 18:11 - 00000000 ____D () C:\Program Files\Steam
2015-02-20 13:06 - 2009-01-27 15:29 - 00000000 ____D () C:\Windows\Minidump
2015-02-20 13:03 - 2013-01-01 22:26 - 00000764 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-20 13:03 - 2011-07-02 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 13:03 - 2009-03-07 20:35 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 13:03 - 2009-03-07 20:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 11:59 - 2006-11-02 11:33 - 00007240 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 19:15 - 2009-02-27 22:54 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-02-17 19:09 - 2009-02-01 11:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-02-17 18:58 - 2008-09-08 19:13 - 00000000 ____D () C:\Users\alf
2015-02-17 18:07 - 2008-09-08 21:30 - 00000000 ____D () C:\Users\nicole
2015-02-17 18:07 - 2008-04-16 00:17 - 00000000 ____D () C:\Windows\VMC302
2015-02-17 18:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-17 18:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-17 18:07 - 2006-11-02 11:22 - 93061120 _____ () C:\Windows\system32\config\system_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 80216064 _____ () C:\Windows\system32\config\software_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 45613056 _____ () C:\Windows\system32\config\components_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 00098304 _____ () C:\Windows\system32\config\sam_previous
2015-02-17 17:36 - 2013-05-07 15:59 - 00262144 _____ () C:\Windows\system32\config\elam
2015-02-13 11:04 - 2014-09-23 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-13 10:06 - 2012-05-27 22:09 - 00000949 _____ () C:\Users\alf\Desktop\Dropbox.lnk
2015-02-13 10:06 - 2012-05-27 22:07 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 11:39 - 2013-08-15 17:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 11:16 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-10 13:48 - 2012-03-13 09:07 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Spotify
2015-02-10 13:06 - 2012-03-13 09:09 - 00000000 ____D () C:\Users\alf\AppData\Local\Spotify
2015-02-09 15:18 - 2013-10-21 18:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-09 14:58 - 2009-03-12 21:41 - 00000000 ____D () C:\Program Files\Java
2015-02-09 14:56 - 2014-11-29 16:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-06 21:00 - 2012-04-01 09:56 - 00000000 ____D () C:\Program Files\iTunes
2015-02-06 20:58 - 2008-09-20 20:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-06 19:24 - 2012-03-30 18:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 19:24 - 2011-05-15 09:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-03-05 17:11 - 2014-03-20 20:43 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2009-02-24 21:36 - 2009-02-24 21:41 - 2616184 _____ () C:\Users\alf\AppData\Roaming\install.txt
2010-03-14 22:00 - 2010-03-14 22:00 - 0000018 _____ () C:\Users\alf\AppData\Roaming\userdic.tlx
2009-01-01 16:58 - 2009-09-03 19:49 - 0005402 _____ () C:\Users\alf\AppData\Roaming\UserTile.png
2013-07-27 15:15 - 2014-01-27 21:25 - 0000139 _____ () C:\Users\alf\AppData\Roaming\WB.CFG
2013-06-18 19:15 - 2014-01-27 21:25 - 0000005 _____ () C:\Users\alf\AppData\Roaming\WBPU-TTL.DAT
2008-10-28 22:10 - 2014-01-28 18:23 - 0000680 _____ () C:\Users\alf\AppData\Local\d3d9caps.dat
2008-09-09 21:20 - 2014-12-23 12:22 - 0149504 _____ () C:\Users\alf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-12 19:41 - 2009-06-12 19:41 - 0000091 _____ () C:\Users\alf\AppData\Local\fusioncache.dat
2010-02-16 22:25 - 2012-02-08 23:06 - 1184696 _____ () C:\Users\alf\AppData\Local\rx_audio.Cache
2010-02-16 22:24 - 2012-02-08 23:06 - 18382848 _____ () C:\Users\alf\AppData\Local\rx_image.Cache
2012-03-05 21:07 - 2012-03-05 21:07 - 0017408 _____ () C:\Users\alf\AppData\Local\WebpageIcons.db
2013-07-13 19:24 - 2013-07-13 19:32 - 0000008 _____ () C:\Users\alf\AppData\Local\~wmrg
2009-08-30 15:32 - 2009-09-01 16:33 - 0002060 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\alf\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdpvoff.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 21:36

==================== End Of Log ============================
         

24.02.2015, 09:22   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please also create a new Addition.txt: start FRST, tick the Addition.txt checkbox, then click Scan.

__________________
Please always post log files in CODE tags

24.02.2015, 10:41   #11
mute13

OK, here is the Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01
Ran by alf at 2015-02-24 10:37:57
Running from C:\Users\alf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (HKLM\...\Adobe_25db75244653b42cb93dc27939d1c0e) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Fireworks CS4 (HKLM\...\Adobe_ccb135070a90ff24d6e7cc4bc5a59cb) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Amazon Music (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
ATI Catalyst Install Manager (HKLM\...\{9DCC214C-CD1A-1115-6775-A9056185FE4E}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 34790577.-2.1999270006.1999269020 - Audible, Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVStation Now (HKLM\...\InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}) (Version: 4.0.10.6 - Ihr Firmenname)
AVStation Now (Version: 4.0.10.6 - Ihr Firmenname) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BUDNI Fotowelt (HKLM\...\BUDNI Fotowelt) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (HKLM\...\{2433BAD7-453F-473D-BE81-455E68940DEB}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0318.2139.36886 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 120.0.214.000 - Hewlett-Packard) Hidden
Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman)
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
D6100 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
D6100_D7100_D7300_Help (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DirectXInstallService (Version: 9.0.1 - Roxio) Hidden
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2103 - CyberLink Corporation)
East-Tec DisposeSecure 2006 Enterprise Version 3.5 (HKLM\...\East-Tec DisposeSecure 2006 Enterprise_is1) (Version:  - EAST Technologies)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.1 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.0.14 - )
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Ihr Firmenname)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Exact Audio Copy 0.99pb3 (HKLM\...\Exact Audio Copy) (Version: 0.99pb3 - Andre Wiethoff)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Firefighters 2014 (HKLM\...\Steam App 291910) (Version:  - VIS - Visual Imagination Software)
GEAR driver installer 4.020 (HKLM\...\{983CFCAC-5C96-4018-8BEC-D6581644C654}) (Version: 4.020.5 - GEAR Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Deskjet & Photosmart Printer Driver Software 8.0.A (HKLM\...\{981DE354-9301-440f-AAFC-025AA2354A93}) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP PrecisionScan LTX (HKLM\...\HP PrecisionScan LTX) (Version:  - )
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.361 - Kaspersky Lab) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
LabelPrint 2.0 (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version:  - )
Lansweeper 3.2 (HKLM\...\Lansweeper_is1) (Version: 3.2 - Lansweeper.com)
LightScribe  1.8.15.1 (Version: 1.8.15.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Namo WebEditor 8 (HKLM\...\{D3507473-2CE3-4073-A6BA-A0846B5CC687}) (Version: 8.00.000 - Namo Interactive, Inc.)
Nero 8 (HKLM\...\{B944FA21-81AF-4A77-8328-CE4F4CC51031}) (Version: 8.10.20 - Nero AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.47 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.47 - Ihr Firmenname) Hidden
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.1 - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2802.0 - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074429(3.7)_Vista_SSPC - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5659 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution II (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 1.0.3.21 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SF_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
SF_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Skins (Version: 2008.0318.2139.36886 - ATI) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version:  - )
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.2160.11 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.2160.11 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.2160.11 - TuneUp Software) Hidden
Ulead GIF Animator 5 (HKLM\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VueScan x32 (HKLM\...\VueScan x32) (Version:  - )
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
web'n'walk Manager (HKLM\...\{25DEC9F7-08C7-4511-9B4A-40A61E40658E}) (Version: 2.5.0.68 - Option NV)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.0.1.5000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5000 - WIDCOMM, Inc.)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-02-2015 21:10:20 Geplanter Prüfpunkt
23-02-2015 16:01:21 Geplanter Prüfpunkt
23-02-2015 17:45:55 Configured Microsoft Office Enterprise 2007

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2013-03-15 17:31 - 00000147 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11DEB8AD-8E8C-419C-9F28-016A1A1AD042} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()
Task: {15AACBCD-297F-4BB0-AB85-AB400AC60522} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {21F9C1A5-3777-4A83-9D09-83197CE45669} - System32\Tasks\{AB9605BB-53F4-494E-AE24-32FB6BA003F3} => pcalua.exe -a C:\Users\alf\Downloads\INSTALL.EXE -d C:\Users\alf\Downloads
Task: {264C2D85-4D5C-48FB-9363-5D0CC6859E69} - System32\Tasks\{6D9A986F-D59D-421B-831B-EA8AA0DEF238} => pcalua.exe -a "C:\Users\alf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TP1BFNC\vlc[1].exe" -d C:\Users\alf\Desktop
Task: {2AA082C7-4803-4954-B360-FF0E5BC76E68} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-01-02] (SAMSUNG Electronics co., LTD.)
Task: {2B8DA84C-C3AF-4A6E-BB38-C16B0B72FAFC} - System32\Tasks\Microsoft\Windows\RestartManager\{92ADDA93-CC20-4b30-8ED0-D8B450D62735} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {42016A41-AF7B-4605-86F6-9DA4A299A70E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4F3F5B76-406E-40B7-94CD-8BD3C1163081} - System32\Tasks\{CF628063-ABC7-480C-BD11-65B3E8D0773F} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11"
Task: {560263C3-F387-4F2A-8AB2-F60B20106E19} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software)
Task: {578A8F9A-D86C-4B43-BB35-831D6DA7E1EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {578F03D0-EE09-4B88-8CDB-BB25BAE85976} - System32\Tasks\Microsoft\Windows\RestartManager\{5577BCA0-7EED-4e1e-AD1E-5325F08E3608} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {58E271A3-5212-4CC5-BCA1-9190A360B28B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {66636432-B073-4797-9DB4-D68B08855FDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {76D47263-9F0C-4474-B644-4BEC73D0EAA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {7F369FDF-17D5-4130-B165-7917412526D4} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {82583C58-CBA8-4AC1-A74E-8CE24ADE034E} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-12-28] (Samsung Electronics Co., Ltd.)
Task: {827EAA49-9A57-4686-AFE9-C82866E5C0AD} - System32\Tasks\advSRSII => C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe [2008-01-30] ()
Task: {999BD4AD-CB5B-43F6-86D9-30E8C1B0B88F} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {B6FAED13-534C-4A73-80DD-01F6B6D4BC88} - System32\Tasks\{385CEB9D-3E12-4A4D-87B1-FD8BBC53EA74} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17"
Task: {BFBEEC3C-4DC0-4B0F-86A1-4AD9E5D6BE3A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {C1C46FF6-7EA2-4B8B-9405-6113FED34DD7} - System32\Tasks\{3F0472EA-5B61-440E-BD66-7371BC1CE214} => pcalua.exe -a E:\EMC_100\BIN\DotNetFX.exe -d E:\ -c /q:a /c:"install /l /q"
Task: {C599191B-7D1C-4794-BD13-42607939D790} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {D9ED82AA-A714-40E1-84F5-FEC679BEE95E} - System32\Tasks\Microsoft\Windows\RestartManager\{5C024DC4-95AB-47d0-A784-B08DE36E3C6F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E12679BA-7AFE-4C57-9320-951BE12D7ADA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - alf => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {EC7BFDA4-4533-4C92-95E6-2AFF5B0DDB81} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.)
Task: {F8A5340B-69BF-4AEE-9F50-6E30203EF659} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-06-01] (SAMSUNG Electronics)
Task: {FB3124CF-9294-4236-82B0-D1B1037E56AD} - System32\Tasks\{FDB66AAD-065A-4401-A416-6116F367E2FF} => pcalua.exe -a C:\Users\alf\Downloads\sj644ge\SETUP.EXE -d C:\Users\alf\Downloads\sj644ge

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D403DEC0-4150-4592-8848-B141569C6080}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-17 12:26 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2008-04-16 00:22 - 2006-12-19 14:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-08-08 22:13 - 2014-12-18 17:20 - 00435184 _____ () C:\Program Files\Search\WebSearch.exe
2008-04-15 06:40 - 2008-03-18 14:04 - 00159744 ____N () C:\Windows\system32\atitmmxx.dll
2008-10-27 14:38 - 2010-04-20 13:26 - 00300912 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
2008-06-05 19:32 - 2010-04-16 13:11 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
2008-04-16 00:43 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2008-04-16 00:39 - 2008-01-30 04:00 - 01926144 _____ () C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
2008-04-16 00:39 - 2007-12-09 07:08 - 02811392 _____ () C:\Program Files\Samsung\Samsung Recovery Solution II\Resdll.dll
2008-04-16 02:14 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-04-16 00:37 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-04-16 00:37 - 2006-09-19 01:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll
2014-10-06 23:15 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-24 10:22 - 2015-02-24 10:22 - 00043008 _____ () c:\users\alf\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv19dh5.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2008-03-18 04:21 - 2008-03-18 04:21 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\alf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dienst-Manager.lnk => C:\Windows\pss\Dienst-Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk => C:\Windows\pss\Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk => C:\Windows\pss\web'n'walk Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^alf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^alf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Windows Calendar.lnk => C:\Windows\pss\Windows Calendar.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\alf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040509 serial=dr12cub-5137358-mcc lang=DE
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LELA => "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files\pdf24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\alf\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\alf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe
MSCONFIG\startupreg: Windows Defender => "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide

==================== Accounts: =============================

Administrator (S-1-5-21-3266977579-4003141749-4249582801-500 - Administrator - Disabled)
alf (S-1-5-21-3266977579-4003141749-4249582801-1003 - Administrator - Enabled) => C:\Users\alf
ASPNET (S-1-5-21-3266977579-4003141749-4249582801-1007 - Limited - Enabled)
Gast (S-1-5-21-3266977579-4003141749-4249582801-501 - Limited - Disabled)
nicole (S-1-5-21-3266977579-4003141749-4249582801-1004 - Limited - Enabled) => C:\Users\nicole

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2015 10:14:48 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.


System errors:
=============
Error: (02/24/2015 10:12:04 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Search

Error: (02/24/2015 10:12:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/24/2015 10:11:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SessionLauncher%%3

Error: (02/24/2015 10:11:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Aspi32%%2

Error: (02/24/2015 10:11:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (01/03/2015 09:35:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1343 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (12/17/2014 00:35:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/07/2013 06:35:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/22/2013 05:26:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13832 seconds with 7920 seconds of active time.  This session ended with a crash.

Error: (01/06/2012 10:59:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2611 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/16/2011 06:47:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/16/2010 07:16:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 237 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/20/2010 08:25:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 80 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/08/2010 02:49:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1450 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/01/2010 05:38:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 258 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-24 10:37:44.526
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 10:37:43.574
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 10:37:42.623
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 10:37:41.671
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 10:37:40.579
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 10:37:39.628
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 10:37:38.692
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 10:37:37.865
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 10:37:37.007
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 10:37:36.180
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 48%
Total physical RAM: 3069.45 MB
Available physical RAM: 1574.66 MB
Total Pagefile: 6375.21 MB
Available Pagefile: 4863.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144 GB) (Free:16.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144.09 GB) (Free:35.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: BD17C37C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 24.02.2015, 10:52   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

FRST-Fix

Please disable your antivirus scanner completely now, to make sure the fix runs through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
ProxyEnable: [S-1-5-21-3266977579-4003141749-4249582801-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3266977579-4003141749-4249582801-1003] => http=127.0.0.1:8897;https=127.0.0.1:8897
CHR StartupUrls: Default -> "http://binkiland.com/?f=7&a=bnk_secureddownload_15_08&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAtC0B0Ezzzzzy0DyDzyyEtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFzytN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtCyEyD0CyB0CzztG0DyByDzztGtAyBtCyBtGyEyDtAtAtGtA0AyCzztByBtA0FtC0CzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyDtA0F0CtA0EyCtGyB0AyD0AtGyEtAyE0DtG0A0A0ByEtG0AtD0BtAtDzyzztAtA0CzzyD2Q&cr=1040231234&ir="
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
R2 DailytoolsUpdateService; C:\Windows\System32\update1.dll [352256 2014-08-23] (Dailytools GmbH) [File not signed]
R2 Search; C:\Program Files\Search\WebSearch.exe [435184 2014-12-18] ()
S2 SessionLauncher; C:\Users\alf\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
Task: {21F9C1A5-3777-4A83-9D09-83197CE45669} - System32\Tasks\{AB9605BB-53F4-494E-AE24-32FB6BA003F3} => pcalua.exe -a C:\Users\alf\Downloads\INSTALL.EXE -d C:\Users\alf\Downloads
Task: {264C2D85-4D5C-48FB-9363-5D0CC6859E69} - System32\Tasks\{6D9A986F-D59D-421B-831B-EA8AA0DEF238} => pcalua.exe -a "C:\Users\alf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TP1BFNC\vlc[1].exe" -d C:\Users\alf\Desktop
Task: {4F3F5B76-406E-40B7-94CD-8BD3C1163081} - System32\Tasks\{CF628063-ABC7-480C-BD11-65B3E8D0773F} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11"
Task: {B6FAED13-534C-4A73-80DD-01F6B6D4BC88} - System32\Tasks\{385CEB9D-3E12-4A4D-87B1-FD8BBC53EA74} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17"
Task: {C1C46FF6-7EA2-4B8B-9405-6113FED34DD7} - System32\Tasks\{3F0472EA-5B61-440E-BD66-7371BC1CE214} => pcalua.exe -a E:\EMC_100\BIN\DotNetFX.exe -d E:\ -c /q:a /c:"install /l /q"
Task: {FB3124CF-9294-4236-82B0-D1B1037E56AD} - System32\Tasks\{FDB66AAD-065A-4401-A416-6116F367E2FF} => pcalua.exe -a C:\Users\alf\Downloads\sj644ge\SETUP.EXE -d C:\Users\alf\Downloads\sj644ge
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
C:\Windows\System32\update1.dll
C:\Program Files\Search
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

Alt 24.02.2015, 11:58   #13
mute13
 

OK, here is the Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-02-2015 01
Ran by alf at 2015-02-24 11:49:33 Run:2
Running from C:\Users\alf\Desktop
Loaded Profiles: alf (Available profiles: alf & nicole)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
ProxyEnable: [S-1-5-21-3266977579-4003141749-4249582801-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3266977579-4003141749-4249582801-1003] => http=127.0.0.1:8897;https=127.0.0.1:8897
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_secureddownload_15_08&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAtC0B0Ezzzzzy0DyDzyyEtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFzytN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtCyEyD0CyB0CzztG0DyByDzztGtAyBtCyBtGyEyDtAtAtGtA0AyCzztByBtA0FtC0CzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyDtA0F0CtA0EyCtGyB0AyD0AtGyEtAyE0DtG0A0A0ByEtG0AtD0BtAtDzyzztAtA0CzzyD2Q&cr=1040231234&ir="
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
R2 DailytoolsUpdateService; C:\Windows\System32\update1.dll [352256 2014-08-23] (Dailytools GmbH) [File not signed]
R2 Search; C:\Program Files\Search\WebSearch.exe [435184 2014-12-18] ()
S2 SessionLauncher; C:\Users\alf\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
Task: {21F9C1A5-3777-4A83-9D09-83197CE45669} - System32\Tasks\{AB9605BB-53F4-494E-AE24-32FB6BA003F3} => pcalua.exe -a C:\Users\alf\Downloads\INSTALL.EXE -d C:\Users\alf\Downloads
Task: {264C2D85-4D5C-48FB-9363-5D0CC6859E69} - System32\Tasks\{6D9A986F-D59D-421B-831B-EA8AA0DEF238} => pcalua.exe -a "C:\Users\alf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TP1BFNC\vlc[1].exe" -d C:\Users\alf\Desktop
Task: {4F3F5B76-406E-40B7-94CD-8BD3C1163081} - System32\Tasks\{CF628063-ABC7-480C-BD11-65B3E8D0773F} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11"
Task: {B6FAED13-534C-4A73-80DD-01F6B6D4BC88} - System32\Tasks\{385CEB9D-3E12-4A4D-87B1-FD8BBC53EA74} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17"
Task: {C1C46FF6-7EA2-4B8B-9405-6113FED34DD7} - System32\Tasks\{3F0472EA-5B61-440E-BD66-7371BC1CE214} => pcalua.exe -a E:\EMC_100\BIN\DotNetFX.exe -d E:\ -c /q:a /c:"install /l /q"
Task: {FB3124CF-9294-4236-82B0-D1B1037E56AD} - System32\Tasks\{FDB66AAD-065A-4401-A416-6116F367E2FF} => pcalua.exe -a C:\Users\alf\Downloads\sj644ge\SETUP.EXE -d C:\Users\alf\Downloads\sj644ge
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
C:\Windows\System32\update1.dll
C:\Program Files\Search
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
EmptyTemp:
Hosts:
         
*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
Chrome StartupUrls not detected.
HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho => Key not found. 
DailytoolsUpdateService => Service not found.
Search => Service not found.
SessionLauncher => Service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21F9C1A5-3777-4A83-9D09-83197CE45669} => Key not found. 
C:\Windows\System32\Tasks\{AB9605BB-53F4-494E-AE24-32FB6BA003F3} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB9605BB-53F4-494E-AE24-32FB6BA003F3} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{264C2D85-4D5C-48FB-9363-5D0CC6859E69} => Key not found. 
C:\Windows\System32\Tasks\{6D9A986F-D59D-421B-831B-EA8AA0DEF238} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6D9A986F-D59D-421B-831B-EA8AA0DEF238} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F3F5B76-406E-40B7-94CD-8BD3C1163081} => Key not found. 
C:\Windows\System32\Tasks\{CF628063-ABC7-480C-BD11-65B3E8D0773F} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF628063-ABC7-480C-BD11-65B3E8D0773F} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6FAED13-534C-4A73-80DD-01F6B6D4BC88} => Key not found. 
C:\Windows\System32\Tasks\{385CEB9D-3E12-4A4D-87B1-FD8BBC53EA74} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{385CEB9D-3E12-4A4D-87B1-FD8BBC53EA74} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1C46FF6-7EA2-4B8B-9405-6113FED34DD7} => Key not found. 
C:\Windows\System32\Tasks\{3F0472EA-5B61-440E-BD66-7371BC1CE214} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3F0472EA-5B61-440E-BD66-7371BC1CE214} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB3124CF-9294-4236-82B0-D1B1037E56AD} => Key not found. 
C:\Windows\System32\Tasks\{FDB66AAD-065A-4401-A416-6116F367E2FF} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FDB66AAD-065A-4401-A416-6116F367E2FF} => Key not found. 
"C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB" => File/Directory not found.
"C:\Windows\System32\update1.dll" => File/Directory not found.
"C:\Program Files\Search" => File/Directory not found.
"C:\ProgramData\TEMP" => ":AD022376" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:49:38 ====
         

Alt 24.02.2015, 12:11   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan.


Alt 24.02.2015, 12:18   #15
mute13
 

FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01
Ran by alf (administrator) on ALF-PC on 24-02-2015 12:13:14
Running from C:\Users\alf\Desktop
Loaded Profiles: alf (Available profiles: alf & nicole)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Option) C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [Amazon Music] => C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {4607f76d-5321-11dd-b0f4-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {52d18c7e-85dd-11e4-a0e1-0013779cb325} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed5fe-86cd-11e4-96d5-00f1d000f1d0} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed62f-86cd-11e4-96d5-00f1d000f1d0} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed635-86cd-11e4-96d5-001e101f4e71} - F:\.\Setup.exe AUTORUN=1
Startup: C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://depecheworld.de/
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> DefaultScope {E78C2635-504D-4B35-B8F8-CAD77C88FD0F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {E78C2635-504D-4B35-B8F8-CAD77C88FD0F} URL = https://www.google.com/search?q={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default
FF Homepage: hxxp://depecheworld.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3266977579-4003141749-4249582801-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Flash Video Downloader - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\artur.dubovoy@gmail.com [2014-01-30]
FF Extension: DownloadHelper - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-30]
FF Extension: Set Search Settings - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{e48eb377-9675-4f2b-be40-b8ba3e0d933c} [2015-02-20]
FF Extension: Adblock Plus - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-01]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-17]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-17]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-17]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1FLDB_enDE556DE556&ion=1&espv=2&ie=UTF-8
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-03]
CHR Extension: (Google Drive) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-03]
CHR Extension: (Google Search) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-03]
CHR Extension: (Google Wallet) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Gmail) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-02-20] (SUPERAntiSpyware.com)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 GtDetectSc; C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [204915 2007-11-05] (Option) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-11-19] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 14510131; C:\Windows\System32\DRIVERS\14510131.sys [128016 2009-09-25] (Kaspersky Lab)
R0 14510132; C:\Windows\System32\DRIVERS\14510132.sys [37392 2009-10-22] (Kaspersky Lab)
R1 82524381; C:\Windows\System32\DRIVERS\82524381.sys [128016 2009-09-25] (Kaspersky Lab)
R0 82524382; C:\Windows\System32\DRIVERS\82524382.sys [37392 2009-10-22] (Kaspersky Lab)
S2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2002-07-17] (Adaptec) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [95744 2007-07-09] (Option NV)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [51968 2007-06-26] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TSP; C:\Windows\system32\drivers\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [485920 2008-11-11] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45344 2008-11-11] (eMPIA Technology, Inc.)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2007-10-17] (Vimicro Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 10:32 - 2015-02-24 10:32 - 00000000 ____D () C:\Users\alf\Desktop\FRST-OlderVersion
2015-02-23 23:38 - 2015-02-23 23:38 - 00008239 _____ () C:\Users\alf\Desktop\JRT.txt
2015-02-23 23:33 - 2015-02-23 23:33 - 01388274 _____ (Thisisu) C:\Users\alf\Desktop\JRT.exe
2015-02-23 23:30 - 2015-02-23 23:30 - 00003040 _____ () C:\Users\alf\Desktop\AdwCleaner[R1].txt
2015-02-23 23:12 - 2015-02-23 23:12 - 02126848 _____ () C:\Users\alf\Desktop\AdwCleaner_4.111.exe
2015-02-23 18:40 - 2015-02-23 18:41 - 00000000 ____D () C:\Users\alf\Downloads\Sunrise_Avenue-Fairytales-Best_Of_2006-2014_(Orchestral-Live)-3CD-2015-VOiCE
2015-02-23 18:32 - 2015-02-23 18:40 - 207000000 _____ () C:\Users\alf\Downloads\Sunrise_Avenue-Fairytales-Best_Of_2006-2014_(Orchestral-Live)-3CD-2015-VOiCE.rar
2015-02-23 18:30 - 2015-02-23 18:30 - 103720351 _____ () C:\Users\alf\Downloads\Sunrise_Avenue-Fairytales-Best_Of_2006-2014_(Orchestral-Live)-3CD-2015-VOiCE.r00
2015-02-23 18:01 - 2015-02-23 18:01 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-02-23 13:57 - 2015-02-24 11:55 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 13:53 - 2015-02-23 13:53 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-23 13:53 - 2015-02-23 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-23 13:53 - 2015-02-23 13:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-23 13:53 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-23 13:53 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-23 13:53 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-23 13:15 - 2015-02-24 12:13 - 00027049 _____ () C:\Users\alf\Desktop\FRST.txt
2015-02-23 13:15 - 2015-02-24 10:39 - 00045737 _____ () C:\Users\alf\Desktop\Addition.txt
2015-02-23 13:13 - 2015-02-23 13:14 - 00047653 _____ () C:\Users\alf\Downloads\Addition.txt
2015-02-23 13:10 - 2015-02-23 13:14 - 00042466 _____ () C:\Users\alf\Downloads\FRST.txt
2015-02-23 13:09 - 2015-02-24 12:13 - 00000000 ____D () C:\FRST
2015-02-23 13:07 - 2015-02-24 10:32 - 01127424 _____ (Farbar) C:\Users\alf\Desktop\FRST.exe
2015-02-20 13:59 - 2015-02-23 18:12 - 00052648 _____ () C:\Windows\PFRO.log
2015-02-20 13:13 - 2015-02-20 13:14 - 00032798 _____ () C:\Users\alf\Downloads\Documents\cc_20150220_131353.reg
2015-02-20 12:49 - 2015-02-20 12:49 - 00000000 ____D () C:\SUPERDelete
2015-02-17 19:38 - 2015-02-17 19:38 - 00002071 _____ () C:\Users\alf\Desktop\Sicherer Zahlungsverkehr.lnk
2015-02-17 19:03 - 2015-02-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-17 19:03 - 2015-02-17 18:59 - 00001977 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-17 18:50 - 2014-12-13 18:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-17 18:50 - 2014-11-28 18:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-17 18:50 - 2014-10-22 21:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-17 18:44 - 2015-02-17 18:46 - 197295744 _____ (Kaspersky Lab) C:\Users\alf\Downloads\kis15.0.2.361de-de.exe
2015-02-17 18:18 - 2015-02-17 18:21 - 302470552 _____ (AMD Inc.) C:\Users\alf\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-02-17 16:30 - 2015-02-17 16:30 - 00000000 ____D () C:\ProgramData\{829A6A59-D218-BBDF-639E-CB5DB31C18D3}
2015-02-17 16:29 - 2015-02-17 16:29 - 00000000 ____D () C:\Users\alf\AppData\Local\StormFall
2015-02-12 12:11 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 12:11 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 11:14 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 11:11 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 11:10 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 11:05 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 11:05 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:34 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 10:34 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 10:34 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 10:34 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 10:34 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 10:34 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 10:34 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 10:34 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 10:34 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 16:48 - 2015-02-24 12:12 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Skype
2015-02-08 16:48 - 2015-02-10 13:57 - 00002489 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-02-08 16:48 - 2015-02-10 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ___RD () C:\Program Files\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Users\alf\AppData\Local\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-02-08 16:47 - 2015-02-10 13:57 - 00000000 ____D () C:\ProgramData\Skype
2015-02-06 21:00 - 2015-02-06 21:00 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-06 21:00 - 2015-02-06 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-06 20:58 - 2015-02-06 20:58 - 00000000 ____D () C:\Program Files\iPod
2015-01-30 16:03 - 2015-01-30 16:03 - 00134980 _____ () C:\Users\alf\Downloads\Chordify_Erasure-How-Many-Times-Graham-Foster.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 12:12 - 2009-02-27 22:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-24 11:57 - 2008-12-02 09:56 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2015-02-24 11:55 - 2012-05-27 22:09 - 00000000 ___RD () C:\Users\alf\Dropbox
2015-02-24 11:55 - 2012-05-27 22:05 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Dropbox
2015-02-24 11:52 - 2013-08-17 18:31 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 11:51 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 11:51 - 2006-11-02 13:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 11:51 - 2006-11-02 13:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 11:50 - 2008-07-16 11:33 - 01261108 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 11:50 - 2008-04-16 00:00 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-24 11:50 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-24 11:34 - 2013-08-17 18:31 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 11:24 - 2012-03-30 18:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 23:17 - 2014-04-10 14:45 - 00000000 ____D () C:\AdwCleaner
2015-02-23 18:17 - 2008-09-08 19:15 - 00152568 _____ () C:\Users\alf\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 18:14 - 2006-11-02 13:47 - 02525784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 18:05 - 2008-04-16 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-23 18:05 - 2008-04-16 02:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-23 18:03 - 2008-04-16 02:38 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-23 18:02 - 2008-04-16 02:39 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-02-23 18:02 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\MSBuild
2015-02-23 18:02 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-23 18:01 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\ShellNew
2015-02-23 17:52 - 2006-11-02 11:23 - 00000404 _____ () C:\Windows\win.ini
2015-02-23 17:20 - 2012-02-27 23:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-23 14:30 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-02-23 13:53 - 2009-03-01 20:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-22 20:38 - 2013-08-17 18:33 - 00001923 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 13:16 - 2009-06-14 19:36 - 00000000 ____D () C:\Windows\pss
2015-02-20 13:07 - 2014-05-31 18:11 - 00000000 ____D () C:\Program Files\Steam
2015-02-20 13:06 - 2009-01-27 15:29 - 00000000 ____D () C:\Windows\Minidump
2015-02-20 13:03 - 2013-01-01 22:26 - 00000764 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-20 13:03 - 2011-07-02 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 13:03 - 2009-03-07 20:35 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 13:03 - 2009-03-07 20:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 11:59 - 2006-11-02 11:33 - 00007240 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 19:15 - 2009-02-27 22:54 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-02-17 19:09 - 2009-02-01 11:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-02-17 18:58 - 2008-09-08 19:13 - 00000000 ____D () C:\Users\alf
2015-02-17 18:07 - 2008-09-08 21:30 - 00000000 ____D () C:\Users\nicole
2015-02-17 18:07 - 2008-04-16 00:17 - 00000000 ____D () C:\Windows\VMC302
2015-02-17 18:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-17 18:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-17 18:07 - 2006-11-02 11:22 - 93061120 _____ () C:\Windows\system32\config\system_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 80216064 _____ () C:\Windows\system32\config\software_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 45613056 _____ () C:\Windows\system32\config\components_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 00098304 _____ () C:\Windows\system32\config\sam_previous
2015-02-17 17:36 - 2013-05-07 15:59 - 00262144 _____ () C:\Windows\system32\config\elam
2015-02-13 11:04 - 2014-09-23 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-13 10:06 - 2012-05-27 22:09 - 00000949 _____ () C:\Users\alf\Desktop\Dropbox.lnk
2015-02-13 10:06 - 2012-05-27 22:07 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 11:39 - 2013-08-15 17:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 11:16 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-10 13:48 - 2012-03-13 09:07 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Spotify
2015-02-10 13:06 - 2012-03-13 09:09 - 00000000 ____D () C:\Users\alf\AppData\Local\Spotify
2015-02-09 15:18 - 2013-10-21 18:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-09 14:58 - 2009-03-12 21:41 - 00000000 ____D () C:\Program Files\Java
2015-02-09 14:56 - 2014-11-29 16:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-06 21:00 - 2012-04-01 09:56 - 00000000 ____D () C:\Program Files\iTunes
2015-02-06 20:58 - 2008-09-20 20:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-06 19:24 - 2012-03-30 18:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 19:24 - 2011-05-15 09:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-03-05 17:11 - 2014-03-20 20:43 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2009-02-24 21:36 - 2009-02-24 21:41 - 2616184 _____ () C:\Users\alf\AppData\Roaming\install.txt
2010-03-14 22:00 - 2010-03-14 22:00 - 0000018 _____ () C:\Users\alf\AppData\Roaming\userdic.tlx
2009-01-01 16:58 - 2009-09-03 19:49 - 0005402 _____ () C:\Users\alf\AppData\Roaming\UserTile.png
2013-07-27 15:15 - 2014-01-27 21:25 - 0000139 _____ () C:\Users\alf\AppData\Roaming\WB.CFG
2013-06-18 19:15 - 2014-01-27 21:25 - 0000005 _____ () C:\Users\alf\AppData\Roaming\WBPU-TTL.DAT
2008-10-28 22:10 - 2014-01-28 18:23 - 0000680 _____ () C:\Users\alf\AppData\Local\d3d9caps.dat
2008-09-09 21:20 - 2014-12-23 12:22 - 0149504 _____ () C:\Users\alf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-12 19:41 - 2009-06-12 19:41 - 0000091 _____ () C:\Users\alf\AppData\Local\fusioncache.dat
2010-02-16 22:25 - 2012-02-08 23:06 - 1184696 _____ () C:\Users\alf\AppData\Local\rx_audio.Cache
2010-02-16 22:24 - 2012-02-08 23:06 - 18382848 _____ () C:\Users\alf\AppData\Local\rx_image.Cache
2012-03-05 21:07 - 2012-03-05 21:07 - 0017408 _____ () C:\Users\alf\AppData\Local\WebpageIcons.db
2013-07-13 19:24 - 2013-07-13 19:32 - 0000008 _____ () C:\Users\alf\AppData\Local\~wmrg
2009-08-30 15:32 - 2009-09-01 16:33 - 0002060 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\alf\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd43la4.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 12:04

==================== End Of Log ============================
         
--- --- ---




Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01
Ran by alf at 2015-02-24 12:14:16
Running from C:\Users\alf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (HKLM\...\Adobe_25db75244653b42cb93dc27939d1c0e) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Fireworks CS4 (HKLM\...\Adobe_ccb135070a90ff24d6e7cc4bc5a59cb) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Amazon Music (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
ATI Catalyst Install Manager (HKLM\...\{9DCC214C-CD1A-1115-6775-A9056185FE4E}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 34790577.-2.1999270006.1999269020 - Audible, Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVStation Now (HKLM\...\InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}) (Version: 4.0.10.6 - Ihr Firmenname)
AVStation Now (Version: 4.0.10.6 - Ihr Firmenname) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BUDNI Fotowelt (HKLM\...\BUDNI Fotowelt) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (HKLM\...\{2433BAD7-453F-473D-BE81-455E68940DEB}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0318.2139.36886 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 120.0.214.000 - Hewlett-Packard) Hidden
Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman)
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
D6100 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
D6100_D7100_D7300_Help (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DirectXInstallService (Version: 9.0.1 - Roxio) Hidden
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2103 - CyberLink Corporation)
East-Tec DisposeSecure 2006 Enterprise Version 3.5 (HKLM\...\East-Tec DisposeSecure 2006 Enterprise_is1) (Version:  - EAST Technologies)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.1 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.0.14 - )
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Ihr Firmenname)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Exact Audio Copy 0.99pb3 (HKLM\...\Exact Audio Copy) (Version: 0.99pb3 - Andre Wiethoff)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Firefighters 2014 (HKLM\...\Steam App 291910) (Version:  - VIS - Visual Imagination Software)
GEAR driver installer 4.020 (HKLM\...\{983CFCAC-5C96-4018-8BEC-D6581644C654}) (Version: 4.020.5 - GEAR Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Deskjet & Photosmart Printer Driver Software 8.0.A (HKLM\...\{981DE354-9301-440f-AAFC-025AA2354A93}) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP PrecisionScan LTX (HKLM\...\HP PrecisionScan LTX) (Version:  - )
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.361 - Kaspersky Lab) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
LabelPrint 2.0 (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version:  - )
Lansweeper 3.2 (HKLM\...\Lansweeper_is1) (Version: 3.2 - Lansweeper.com)
LightScribe  1.8.15.1 (Version: 1.8.15.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Namo WebEditor 8 (HKLM\...\{D3507473-2CE3-4073-A6BA-A0846B5CC687}) (Version: 8.00.000 - Namo Interactive, Inc.)
Nero 8 (HKLM\...\{B944FA21-81AF-4A77-8328-CE4F4CC51031}) (Version: 8.10.20 - Nero AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.47 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.47 - Ihr Firmenname) Hidden
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.1 - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2802.0 - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074429(3.7)_Vista_SSPC - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5659 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution II (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 1.0.3.21 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SF_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
SF_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Skins (Version: 2008.0318.2139.36886 - ATI) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version:  - )
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.2160.11 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.2160.11 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.2160.11 - TuneUp Software) Hidden
Ulead GIF Animator 5 (HKLM\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VueScan x32 (HKLM\...\VueScan x32) (Version:  - )
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
web'n'walk Manager (HKLM\...\{25DEC9F7-08C7-4511-9B4A-40A61E40658E}) (Version: 2.5.0.68 - Option NV)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.0.1.5000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5000 - WIDCOMM, Inc.)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-02-2015 21:10:20 Geplanter Prüfpunkt
23-02-2015 16:01:21 Geplanter Prüfpunkt
23-02-2015 17:45:55 Configured Microsoft Office Enterprise 2007

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2015-02-24 11:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11DEB8AD-8E8C-419C-9F28-016A1A1AD042} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()
Task: {15AACBCD-297F-4BB0-AB85-AB400AC60522} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2AA082C7-4803-4954-B360-FF0E5BC76E68} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-01-02] (SAMSUNG Electronics co., LTD.)
Task: {2B8DA84C-C3AF-4A6E-BB38-C16B0B72FAFC} - System32\Tasks\Microsoft\Windows\RestartManager\{92ADDA93-CC20-4b30-8ED0-D8B450D62735} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {42016A41-AF7B-4605-86F6-9DA4A299A70E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {560263C3-F387-4F2A-8AB2-F60B20106E19} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software)
Task: {578A8F9A-D86C-4B43-BB35-831D6DA7E1EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {578F03D0-EE09-4B88-8CDB-BB25BAE85976} - System32\Tasks\Microsoft\Windows\RestartManager\{5577BCA0-7EED-4e1e-AD1E-5325F08E3608} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {58E271A3-5212-4CC5-BCA1-9190A360B28B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {66636432-B073-4797-9DB4-D68B08855FDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {76D47263-9F0C-4474-B644-4BEC73D0EAA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {7F369FDF-17D5-4130-B165-7917412526D4} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {82583C58-CBA8-4AC1-A74E-8CE24ADE034E} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-12-28] (Samsung Electronics Co., Ltd.)
Task: {827EAA49-9A57-4686-AFE9-C82866E5C0AD} - System32\Tasks\advSRSII => C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe [2008-01-30] ()
Task: {999BD4AD-CB5B-43F6-86D9-30E8C1B0B88F} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {9C7965DF-4E59-4919-8B93-C88C1EAD18A5} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {C599191B-7D1C-4794-BD13-42607939D790} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {D9ED82AA-A714-40E1-84F5-FEC679BEE95E} - System32\Tasks\Microsoft\Windows\RestartManager\{5C024DC4-95AB-47d0-A784-B08DE36E3C6F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E12679BA-7AFE-4C57-9320-951BE12D7ADA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - alf => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {EC7BFDA4-4533-4C92-95E6-2AFF5B0DDB81} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.)
Task: {F8A5340B-69BF-4AEE-9F50-6E30203EF659} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-06-01] (SAMSUNG Electronics)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D403DEC0-4150-4592-8848-B141569C6080}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-17 12:26 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2008-04-16 00:22 - 2006-12-19 14:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-04-15 06:40 - 2008-03-18 14:04 - 00159744 ____N () C:\Windows\system32\atitmmxx.dll
2008-04-16 00:43 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2008-04-16 00:39 - 2008-01-30 04:00 - 01926144 _____ () C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
2008-04-16 00:39 - 2007-12-09 07:08 - 02811392 _____ () C:\Program Files\Samsung\Samsung Recovery Solution II\Resdll.dll
2008-04-16 02:14 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-04-16 00:37 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-04-16 00:37 - 2006-09-19 01:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll
2014-10-06 23:15 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-24 11:54 - 2015-02-24 11:54 - 00043008 _____ () c:\users\alf\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd43la4.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\alf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dienst-Manager.lnk => C:\Windows\pss\Dienst-Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk => C:\Windows\pss\Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk => C:\Windows\pss\web'n'walk Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^alf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^alf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Windows Calendar.lnk => C:\Windows\pss\Windows Calendar.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\alf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040509 serial=dr12cub-5137358-mcc lang=DE
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LELA => "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files\pdf24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\alf\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\alf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe
MSCONFIG\startupreg: Windows Defender => "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide

==================== Accounts: =============================

Administrator (S-1-5-21-3266977579-4003141749-4249582801-500 - Administrator - Disabled)
alf (S-1-5-21-3266977579-4003141749-4249582801-1003 - Administrator - Enabled) => C:\Users\alf
ASPNET (S-1-5-21-3266977579-4003141749-4249582801-1007 - Limited - Enabled)
Gast (S-1-5-21-3266977579-4003141749-4249582801-501 - Limited - Disabled)
nicole (S-1-5-21-3266977579-4003141749-4249582801-1004 - Limited - Enabled) => C:\Users\nicole

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2015 11:56:22 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (02/24/2015 11:14:05 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (02/24/2015 10:14:48 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.


System errors:
=============
Error: (02/24/2015 11:53:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/24/2015 11:53:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Aspi32%%2

Error: (02/24/2015 11:53:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/24/2015 11:11:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/24/2015 10:12:04 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Search

Error: (02/24/2015 10:12:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/24/2015 10:11:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SessionLauncher%%3

Error: (02/24/2015 10:11:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Aspi32%%2

Error: (02/24/2015 10:11:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (01/03/2015 09:35:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1343 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (12/17/2014 00:35:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/07/2013 06:35:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/22/2013 05:26:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13832 seconds with 7920 seconds of active time.  This session ended with a crash.

Error: (01/06/2012 10:59:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2611 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/16/2011 06:47:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/16/2010 07:16:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 237 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/20/2010 08:25:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 80 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/08/2010 02:49:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1450 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/01/2010 05:38:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 258 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-24 12:14:06.398
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 12:14:05.603
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 12:14:04.807
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 12:14:04.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 12:14:02.982
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 12:14:02.186
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 12:14:01.391
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 12:14:00.548
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 12:13:33.077
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 12:13:32.250
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 47%
Total physical RAM: 3069.45 MB
Available physical RAM: 1618.32 MB
Total Pagefile: 6375.21 MB
Available Pagefile: 4816.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144 GB) (Free:17.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144.09 GB) (Free:35.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: BD17C37C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
