| Everything about Windows: Windows Vista 32Bit: Problems after repair of fake Java update with MalwareBytes |
|  28.04.2014, 20:33 | #1 | 
|  |   Problem: Windows Vista 32Bit: Problems after repair of fake Java update with MalwareBytes. Dear board, I have the following problem: After I was repeatedly prompted to install an update for JAVA (often by dubious sources), I ran an update to be on the safe side (directly from JAVA, the regular way). I also used MalwareBytes to scan my laptop. It found many threats, infected files etc. I chose the option "Delete threats" and shut the laptop down. When I try to start it now, I land on the desktop and cannot start any program; they simply do not respond. When I move the cursor onto the "Start" button (it has a different name in Vista now, doesn't it?), I see no arrow, only the blue ring. I am stuck on the desktop and I do not know whether I accidentally deleted system-relevant programs with Malwarebytes. I have now run a scan with FRST. Can you help me? I am not getting anywhere right now. Code: 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by Anne (administrator) on ANNE-PC on 28-04-2014 20:57:19
Running from C:\Users\Anne\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-11] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-4101727756-4183431276-4144727469-1000\...\Run: [EPSON04DE03 (Epson Stylus SX430)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4101727756-4183431276-4144727469-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-4101727756-4183431276-4144727469-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4101727756-4183431276-4144727469-1000\...\MountPoints2: F - F:\laucher.exe
AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=114506&babsrc=HP_clro&mntrId=70567fb100000000000000215d65ed56
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0111&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0111&m=aspire_6930g
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0111&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&babsrc=SP_clro&mntrId=70567fb100000000000000215d65ed56
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&babsrc=SP_clro&mntrId=70567fb100000000000000215d65ed56
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
SearchScopes: HKCU - {79B302FD-4533-4B8C-80AB-1389858D656D} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default
FF user.js: detected! => C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\user.js
FF Homepage: www.gmx.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\searchplugins\claro.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-02-19]
FF Extension: Battlefield Heroes Updater - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\Extensions\battlefieldheroespatcher@ea.com [2013-06-18]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-04]
FF Extension: GMX MailCheck - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\Extensions\toolbar@gmx.net.xpi [2011-05-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-08]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome: 
=======
CHR Extension: (avast! Online Security) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-21]
CHR Extension: (Google Wallet) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-11]
========================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-05-01] (Avira GmbH)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-13] (Avira GmbH)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-11] (AVAST Software)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
S4 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2011-01-16] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S4 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [175632 2012-04-11] (Nitro PDF Software)
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-03-17] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)
==================== Drivers (Whitelisted) ====================
R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2011-01-16] (Alfa Corporation)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-11] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-11] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-11] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-11] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-11] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-11] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-07-13] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-07-13] (Avira GmbH)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47104 2008-05-19] (Atheros Communications, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [57856 2010-01-07] (SCM Microsystems Inc.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
========================== Drivers MD5 =======================
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\system32\Drivers\UBHelper.sys F763E070843EE2803DE1395002B42938
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\drivers\usbaudio.sys 1114579556DB85E9FAF9590DBC64CD62
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\System32\DRIVERS\usbccid.sys E0B8489AEDA9EA33361037BE6A8CF1CA
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 44056325428A8E4C755830426E29878F
C:\Windows\System32\Drivers\usbvideo.sys 73FF24E21B690625A58109637DDA0DF7
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\HSX_CNXT.sys BB9CBAF6AC20452B245C324F1F50EE81
C:\Windows\System32\DRIVERS\winbondcir.sys 3FA87D56769838AAC82FAFC3E78FC732
C:\Windows\System32\DRIVERS\WinUSB.sys 30FC6E5448D0CBAAA95280EEEF7FEDAE
C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\DRIVERS\WSDPrint.sys 4422AC5ED8D4C2F0DB63E71D4C069DD7
C:\Windows\System32\DRIVERS\WSDScan.sys 65D1FF8AAFF4A7D8F787A290E5087816
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xaudio.sys DAB33CFA9DD24251AAA389FF36B64D4B
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl 4D840C6AF3C020ED3A35EFBA9025CF4A
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-28 20:57 - 2014-04-28 20:57 - 00036292 _____ () C:\Users\Anne\Desktop\FRST.txt
2014-04-28 20:55 - 2014-04-28 20:57 - 00000000 ____D () C:\FRST
2014-04-28 20:31 - 2014-04-28 20:30 - 01049600 _____ (Farbar) C:\Users\Anne\Desktop\FRST.exe
2014-04-23 19:23 - 2014-04-23 19:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-23 19:23 - 2014-04-23 19:22 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-23 19:22 - 2014-04-23 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 22:22 - 2014-04-21 22:22 - 00000000 ____D () C:\Users\Anne\Documents\Steuer-Sparbuch
2014-04-21 19:39 - 2014-04-23 13:32 - 00000000 ____D () C:\Users\Anne\Documents\Mein Steuer-Sparbuch Heute
2014-04-21 16:45 - 2014-04-22 22:05 - 00000583 _____ () C:\Windows\wiso.ini
2014-04-21 16:45 - 2014-04-21 16:54 - 00000000 ____D () C:\Users\Anne\AppData\Local\Buhl
2014-04-21 16:45 - 2014-04-21 16:45 - 00001880 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-04-21 16:43 - 2014-04-21 16:43 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Buhl Data Service
2014-04-21 16:43 - 2014-04-21 16:43 - 00000000 ____D () C:\Users\Anne\AppData\Local\Buhl Data Service
2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-04-21 16:39 - 2014-04-21 16:39 - 00000000 ____D () C:\Program Files\WISO
2014-04-21 16:38 - 2014-04-21 16:45 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-04-21 16:08 - 2014-04-21 16:27 - 00000000 ____D () C:\Users\Anne\Desktop\WISO Steuer-Sparbuch 2014 (für Steuerjahr 2013) (Download)
2014-04-14 20:20 - 2014-04-23 19:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-14 20:20 - 2014-04-14 20:20 - 00000000 ____D () C:\Program Files\Common Files\Java(7)
2014-04-11 07:46 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 07:46 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 07:46 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 07:46 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 07:46 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 07:46 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 07:46 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-11 07:46 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 07:46 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-11 07:46 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 07:46 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 07:46 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 07:46 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 07:46 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 07:46 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-11 07:46 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 07:36 - 2014-04-11 07:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-10 17:10 - 2014-04-10 17:10 - 01070840 _____ (Solid State Networks) C:\Users\Anne\Downloads\install_flashplayer13x32au_mssa_aaa_aih.exe
2014-04-10 14:50 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 09:08 - 2014-04-08 09:08 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\InfraRecorder
2014-04-08 09:08 - 2014-04-08 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2014-04-02 13:35 - 2014-04-02 13:35 - 00000000 ____D () C:\Users\Anne\Documents\SelfMV
2014-04-02 13:32 - 2014-04-02 13:33 - 00000000 ____D () C:\Users\Anne\Desktop\Handy
2014-04-02 13:19 - 2014-04-02 13:19 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-04-02 13:19 - 2014-04-02 13:19 - 00000000 ____D () C:\Users\Anne\AppData\Local\Samsung
2014-04-02 13:18 - 2014-04-02 13:18 - 00001787 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-04-02 13:18 - 2014-04-02 13:18 - 00001777 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-04-02 13:18 - 2014-04-02 13:18 - 00000000 ____D () C:\Users\Anne\Documents\samsung
2014-04-02 13:17 - 2013-12-26 07:41 - 00184248 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-04-02 13:17 - 2013-12-26 07:41 - 00088632 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-04-02 13:15 - 2014-04-02 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-04-02 13:15 - 2014-04-02 13:15 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-04-02 13:14 - 2014-04-02 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-04-02 13:14 - 2014-01-23 18:23 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-04-02 13:14 - 2014-01-23 18:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-04-02 13:13 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-04-02 13:13 - 2014-01-23 18:31 - 00020032 _____ (Devguru Co., Ltd) C:\Windows\system32\Drivers\dgderdrv.sys
2014-04-02 13:11 - 2014-04-02 13:15 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-02 13:09 - 2014-04-02 13:09 - 00000000 ____D () C:\Users\Anne\AppData\Local\Downloaded Installations
2014-04-02 12:57 - 2014-04-27 14:14 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Samsung
2014-04-02 12:57 - 2014-04-02 12:58 - 00000000 _____ () C:\ProgramData\LauncherAccess.dt
2014-04-02 12:43 - 2014-04-27 14:14 - 00000000 ____D () C:\Program Files\Samsung
2014-04-02 12:43 - 2006-07-24 16:05 - 00005632 _____ () C:\Windows\system32\Drivers\StarOpen.sys
2014-03-30 20:15 - 2014-03-30 20:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-04-28 20:57 - 2014-04-28 20:57 - 00036292 _____ () C:\Users\Anne\Desktop\FRST.txt
2014-04-28 20:57 - 2014-04-28 20:55 - 00000000 ____D () C:\FRST
2014-04-28 20:55 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 20:54 - 2011-01-16 18:48 - 00001356 _____ () C:\Users\Anne\AppData\Local\d3d9caps.dat
2014-04-28 20:30 - 2014-04-28 20:31 - 01049600 _____ (Farbar) C:\Users\Anne\Desktop\FRST.exe
2014-04-28 19:37 - 2011-01-16 18:39 - 02038283 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 19:15 - 2012-08-07 01:00 - 02393590 _____ () C:\Windows\PFRO.log
2014-04-28 19:13 - 2011-03-20 18:48 - 00032768 _____ () C:\ProgramData\nvModes.001
2014-04-28 19:12 - 2013-05-27 21:20 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 19:12 - 2008-07-30 04:13 - 00000147 _____ () C:\Windows\system32\agent.log
2014-04-28 19:12 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 19:12 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 19:12 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 14:14 - 2014-04-02 12:57 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Samsung
2014-04-27 14:14 - 2014-04-02 12:43 - 00000000 ____D () C:\Program Files\Samsung
2014-04-26 10:43 - 2011-01-16 19:06 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-04-25 20:08 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\nap
2014-04-25 20:07 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-25 19:31 - 2012-04-18 09:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 19:26 - 2013-11-06 17:26 - 00000284 _____ () C:\Windows\Tasks\FoxTab.job
2014-04-25 19:09 - 2013-05-27 21:20 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 17:13 - 2011-01-16 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-25 17:13 - 2011-01-16 22:07 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-25 12:33 - 2011-01-17 19:20 - 00000000 ____D () C:\Users\Anne\AppData\Local\Adobe
2014-04-25 12:32 - 2012-04-18 09:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-25 12:32 - 2011-06-01 15:05 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-24 08:27 - 2014-03-07 10:18 - 00000000 ___RD () C:\Users\Anne\Desktop\Julians Ordner
2014-04-23 19:24 - 2014-04-14 20:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 19:23 - 2014-04-23 19:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-23 19:22 - 2014-04-23 19:23 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-23 19:22 - 2014-04-23 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 13:32 - 2014-04-21 19:39 - 00000000 ____D () C:\Users\Anne\Documents\Mein Steuer-Sparbuch Heute
2014-04-22 22:05 - 2014-04-21 16:45 - 00000583 _____ () C:\Windows\wiso.ini
2014-04-21 22:22 - 2014-04-21 22:22 - 00000000 ____D () C:\Users\Anne\Documents\Steuer-Sparbuch
2014-04-21 16:54 - 2014-04-21 16:45 - 00000000 ____D () C:\Users\Anne\AppData\Local\Buhl
2014-04-21 16:45 - 2014-04-21 16:45 - 00001880 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-04-21 16:45 - 2014-04-21 16:38 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-04-21 16:43 - 2014-04-21 16:43 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Buhl Data Service
2014-04-21 16:43 - 2014-04-21 16:43 - 00000000 ____D () C:\Users\Anne\AppData\Local\Buhl Data Service
2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-04-21 16:39 - 2014-04-21 16:39 - 00000000 ____D () C:\Program Files\WISO
2014-04-21 16:39 - 2008-07-30 03:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-21 16:27 - 2014-04-21 16:08 - 00000000 ____D () C:\Users\Anne\Desktop\WISO Steuer-Sparbuch 2014 (für Steuerjahr 2013) (Download)
2014-04-17 14:14 - 2011-03-20 18:48 - 00054932 _____ () C:\ProgramData\nvModes.dat
2014-04-17 13:49 - 2012-02-02 00:14 - 00282296 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-04-17 13:49 - 2012-02-01 22:55 - 00282296 _____ () C:\Windows\system32\PnkBstrB.exe
2014-04-17 13:46 - 2012-02-01 22:56 - 00139648 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-04-17 13:46 - 2012-02-01 22:55 - 00282296 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-04-15 21:25 - 2011-01-16 18:48 - 00000000 ____D () C:\Users\Anne
2014-04-15 21:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-04-15 21:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-15 21:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2014-04-15 21:25 - 2006-11-02 12:22 - 43778048 _____ () C:\Windows\system32\config\software_previous
2014-04-15 21:25 - 2006-11-02 12:22 - 38797312 _____ () C:\Windows\system32\config\system_previous
2014-04-15 21:22 - 2006-11-02 12:22 - 36438016 _____ () C:\Windows\system32\config\components_previous
2014-04-15 21:22 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-04-14 23:17 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-04-14 23:17 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-04-14 20:20 - 2014-04-14 20:20 - 00000000 ____D () C:\Program Files\Common Files\Java(7)
2014-04-14 20:19 - 2012-02-21 14:43 - 00000000 ____D () C:\Program Files\Java
2014-04-11 07:50 - 2008-07-30 04:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 07:46 - 2013-08-10 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 07:39 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-11 07:37 - 2011-05-08 22:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-11 07:36 - 2014-04-11 07:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-11 07:36 - 2013-03-18 14:35 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-11 07:36 - 2013-03-18 14:35 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-11 07:36 - 2011-05-08 22:39 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-04-10 17:10 - 2014-04-10 17:10 - 01070840 _____ (Solid State Networks) C:\Users\Anne\Downloads\install_flashplayer13x32au_mssa_aaa_aih.exe
2014-04-08 09:08 - 2014-04-08 09:08 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\InfraRecorder
2014-04-08 09:08 - 2014-04-08 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2014-04-02 13:35 - 2014-04-02 13:35 - 00000000 ____D () C:\Users\Anne\Documents\SelfMV
2014-04-02 13:33 - 2014-04-02 13:32 - 00000000 ____D () C:\Users\Anne\Desktop\Handy
2014-04-02 13:22 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-02 13:19 - 2014-04-02 13:19 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-04-02 13:19 - 2014-04-02 13:19 - 00000000 ____D () C:\Users\Anne\AppData\Local\Samsung
2014-04-02 13:19 - 2012-10-31 19:53 - 00006308 _____ () C:\Windows\setupact.log
2014-04-02 13:18 - 2014-04-02 13:18 - 00001787 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-04-02 13:18 - 2014-04-02 13:18 - 00001777 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-04-02 13:18 - 2014-04-02 13:18 - 00000000 ____D () C:\Users\Anne\Documents\samsung
2014-04-02 13:15 - 2014-04-02 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-04-02 13:15 - 2014-04-02 13:15 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-04-02 13:15 - 2014-04-02 13:11 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-02 13:14 - 2014-04-02 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-04-02 13:09 - 2014-04-02 13:09 - 00000000 ____D () C:\Users\Anne\AppData\Local\Downloaded Installations
2014-04-02 12:58 - 2014-04-02 12:57 - 00000000 _____ () C:\ProgramData\LauncherAccess.dt
2014-04-02 12:55 - 2013-12-28 16:31 - 00013770 _____ () C:\Windows\DPINST.LOG
2014-04-02 12:09 - 2011-01-22 22:51 - 00048128 _____ () C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-01 21:28 - 2011-01-17 18:51 - 00000000 ____D () C:\Program Files\DivX
2014-04-01 21:28 - 2011-01-17 18:50 - 00000000 ____D () C:\ProgramData\DivX
2014-03-31 09:35 - 2011-01-18 18:08 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 07:49 - 2012-04-26 00:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 20:16 - 2014-03-30 20:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
Some content of TEMP:
====================
C:\Users\Anne\AppData\Local\Temp\68293uninstall.exe
C:\Users\Anne\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anne\AppData\Local\Temp\DivXSetup.exe
C:\Users\Anne\AppData\Local\Temp\pylCABD.tmp.exe
C:\Users\Anne\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Anne\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Anne\AppData\Local\Temp\Sqlite3.dll
C:\Users\Anne\AppData\Local\Temp\TuneUpUtilities2013_de-DE.exe
C:\Users\Anne\AppData\Local\Temp\{32147A02-7E09-42D1-9A31-3AE7B2BCC426}-29.0.1547.57_28.0.1500.95_chrome_updater.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
==================== BCD ================================
Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {82156189-5e21-11dd-8036-8873afd96c5e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No
Windows-Startladeprogramm
-------------------------
Bezeichner              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  partition=\Device\HarddiskVolume1
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                partition=\Device\HarddiskVolume1
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {82156189-5e21-11dd-8036-8873afd96c5e}
nx                      OptIn
Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {82156189-5e21-11dd-8036-8873afd96c5e}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes
Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner              {ntldr}
device                  unknown
path                    \ntldr
description             Frühere Windows-Version
EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes
Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
RAM-Defekte
-----------
Bezeichner              {badmemory}
Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}
LastRegBack: 2014-04-28 19:34
==================== End Of Log ============================
|  29.04.2014, 10:55 | #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hi, please post all the logs from Malwarebytes. Or can you no longer get to them? |
|  29.04.2014, 12:49 | #3 | 
|  | Hello Cosinus! Thanks for the reply! In Safe Mode I only dragged FRST from the USB stick onto the desktop and started it. I can get to the Malwarebytes log files and will post them here this evening (I'm still at the office). Regards, Anne |
|  29.04.2014, 12:53 | #4 | 
| /// Winkelfunktion /// TB-Süch-Tiger™ | Good, please post everything you have in CODE tags. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
|  01.05.2014, 13:59 | #5 | 
|  | Hello Cosinus! It took a bit longer after all, but here is the log file from Malwarebytes: Code: 
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.04.25.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Anne :: ANNE-PC [Administrator]
Schutz: Aktiviert
25.04.2014 17:17:15
mbam-log-2014-04-25 (17-17-15).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388422
Laufzeit: 2 Stunde(n), 22 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 9
HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0X2O1C0R2R1R -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 14
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Roaming\OpenCandy\35D4DCA74F65402183BA910B5075DD39 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Roaming\OpenCandy\OpenCandy_35D4DCA74F65402183BA910B5075DD39 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 23
C:\$RECYCLE.BIN\S-1-5-21-4101727756-4183431276-4144727469-1000\$RJIDI3N.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe (PUP.Optional.SweetPacks.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMGTO102\mism[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9J3N4G5\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\bd.exe.9373195 (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\gFW4stmY.exe.part (PUP.Optional.Domalq) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\koe3CRBK.exe.part (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\BDADA9E7-BAB0-7891-BF77-93FD695957D9\Latest\MyBabylonTB.exe (PUP.Optional.Montera.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\is-8KRCA.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\is1293689599\9266412_stp\rcpsetup_adppi4_adppi4.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\Desktop\Downloads\InternationalPrimoPDF.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\Desktop\Downloads\Media-Player.exe (PUP.Optional.Freemium.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\Desktop\Downloads\SoftonicDownloader_fuer_1-2-3fileconvert.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Roaming\OpenCandy\35D4DCA74F65402183BA910B5075DD39\nitro_pdf_reader2_de_x86.msi (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anne\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
|  01.05.2014, 23:12 | #6 | 
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista 32Bit: Problems after repairing fake Java update with MalwareBytes
Remove adware/junkware/toolbars
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

__________________ --> Windows Vista 32Bit: Problems after repairing fake Java update with MalwareBytes |
|  08.05.2014, 20:06 | #7 | 
|  | Windows Vista 32Bit: Problems after repairing fake Java update with MalwareBytes
Hello Cosinus! Thank you very much for your help! Here are the log files in the order you requested them:
1. adwCleaner
AdwCleaner Logfile: Code:
# AdwCleaner v3.207 - Bericht erstellt am 08/05/2014 um 20:38:23
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Anne - ANNE-PC
# Gestartet von : C:\Users\Anne\Desktop\adwcleaner_3.2.0.7.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16545
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\prefs.js ]
-\\ Google Chrome v34.0.1847.116
[ Datei : C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [16953 octets] - [08/05/2014 20:32:07]
AdwCleaner[R1].txt - [1062 octets] - [08/05/2014 20:36:24]
AdwCleaner[S0].txt - [16937 octets] - [08/05/2014 20:33:02]
AdwCleaner[S1].txt - [985 octets] - [08/05/2014 20:38:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1044 octets] ##########
         2. Junkware Removal Tool Code: 
  ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Anne on 08.05.2014 at 20:42:32,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4101727756-4183431276-4144727469-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Anne\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files\free video converter"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
~~~ FireFox
Emptied folder: C:\Users\Anne\AppData\Roaming\mozilla\firefox\profiles\vtic3sad.default\minidumps [247 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2014 at 20:45:14,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         FRST Logfile: Code: 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014 (ATTENTION: ====> FRST version is 11 days old and could be outdated)
Ran by Anne (administrator) on ANNE-PC on 08-05-2014 20:52:32
Running from C:\Users\Anne\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-11] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-4101727756-4183431276-4144727469-1000\...\Run: [EPSON04DE03 (Epson Stylus SX430)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4101727756-4183431276-4144727469-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-4101727756-4183431276-4144727469-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4101727756-4183431276-4144727469-1000\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S1].txt
HKU\S-1-5-21-4101727756-4183431276-4144727469-1000\...\MountPoints2: F - F:\laucher.exe
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0111&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0111&m=aspire_6930g
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0111&m=aspire_6930g
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
SearchScopes: HKCU - {79B302FD-4533-4B8C-80AB-1389858D656D} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default
FF Homepage: www.gmx.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-02-19]
FF Extension: Battlefield Heroes Updater - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\Extensions\battlefieldheroespatcher@ea.com [2013-06-18]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-04]
FF Extension: GMX MailCheck - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\vtic3sad.default\Extensions\toolbar@gmx.net.xpi [2011-05-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-08]
Chrome: 
=======
CHR HomePage: 
CHR Extension: (avast! Online Security) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-21]
CHR Extension: (Google Wallet) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-11]
========================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-05-01] (Avira GmbH)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-13] (Avira GmbH)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-11] (AVAST Software)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
S4 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2011-01-16] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S4 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [175632 2012-04-11] (Nitro PDF Software)
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-03-17] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)
==================== Drivers (Whitelisted) ====================
R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2011-01-16] (Alfa Corporation)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-11] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-11] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-11] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-11] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-11] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-11] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-07-13] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-07-13] (Avira GmbH)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47104 2008-05-19] (Atheros Communications, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [57856 2010-01-07] (SCM Microsystems Inc.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-08 20:45 - 2014-05-08 20:45 - 00001334 _____ () C:\Users\Anne\Desktop\JRT.txt
2014-05-08 20:42 - 2014-05-08 20:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 20:32 - 2014-05-08 20:41 - 00000000 ____D () C:\AdwCleaner
2014-05-08 20:30 - 2014-05-08 20:52 - 00000969 _____ () C:\Users\Anne\Desktop\FRST.txt
2014-05-08 20:30 - 2014-05-08 20:21 - 01016261 _____ (Thisisu) C:\Users\Anne\Desktop\JRT.exe
2014-05-08 20:30 - 2014-05-08 20:19 - 01316991 _____ () C:\Users\Anne\Desktop\adwcleaner_3.2.0.7.exe
2014-05-08 20:30 - 2014-04-28 21:00 - 00066993 _____ () C:\Users\Anne\Desktop\Shortcut.txt
2014-05-08 20:30 - 2014-04-28 21:00 - 00038720 _____ () C:\Users\Anne\Desktop\Addition.txt
2014-04-28 20:55 - 2014-05-08 20:52 - 00000000 ____D () C:\FRST
2014-04-28 20:31 - 2014-04-28 20:30 - 01049600 _____ (Farbar) C:\Users\Anne\Desktop\FRST.exe
2014-04-23 19:23 - 2014-04-23 19:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-23 19:23 - 2014-04-23 19:22 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-23 19:22 - 2014-04-23 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 22:22 - 2014-04-21 22:22 - 00000000 ____D () C:\Users\Anne\Documents\Steuer-Sparbuch
2014-04-21 19:39 - 2014-04-23 13:32 - 00000000 ____D () C:\Users\Anne\Documents\Mein Steuer-Sparbuch Heute
2014-04-21 16:45 - 2014-04-22 22:05 - 00000583 _____ () C:\Windows\wiso.ini
2014-04-21 16:45 - 2014-04-21 16:54 - 00000000 ____D () C:\Users\Anne\AppData\Local\Buhl
2014-04-21 16:45 - 2014-04-21 16:45 - 00001880 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-04-21 16:43 - 2014-04-21 16:43 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Buhl Data Service
2014-04-21 16:43 - 2014-04-21 16:43 - 00000000 ____D () C:\Users\Anne\AppData\Local\Buhl Data Service
2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-04-21 16:39 - 2014-04-21 16:39 - 00000000 ____D () C:\Program Files\WISO
2014-04-21 16:38 - 2014-04-21 16:45 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-04-21 16:08 - 2014-04-21 16:27 - 00000000 ____D () C:\Users\Anne\Desktop\WISO Steuer-Sparbuch 2014 (für Steuerjahr 2013) (Download)
2014-04-14 20:20 - 2014-04-23 19:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-14 20:20 - 2014-04-14 20:20 - 00000000 ____D () C:\Program Files\Common Files\Java(7)
2014-04-11 07:46 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 07:46 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 07:46 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 07:46 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 07:46 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 07:46 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 07:46 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-11 07:46 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 07:46 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-11 07:46 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 07:46 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 07:46 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 07:46 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 07:46 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 07:46 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-11 07:46 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 07:36 - 2014-04-11 07:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-10 17:10 - 2014-04-10 17:10 - 01070840 _____ (Solid State Networks) C:\Users\Anne\Downloads\install_flashplayer13x32au_mssa_aaa_aih.exe
2014-04-10 14:50 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 09:08 - 2014-04-08 09:08 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\InfraRecorder
2014-04-08 09:08 - 2014-04-08 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
==================== One Month Modified Files and Folders =======
2014-05-08 20:52 - 2014-05-08 20:30 - 00000969 _____ () C:\Users\Anne\Desktop\FRST.txt
2014-05-08 20:52 - 2014-04-28 20:55 - 00000000 ____D () C:\FRST
2014-05-08 20:45 - 2014-05-08 20:45 - 00001334 _____ () C:\Users\Anne\Desktop\JRT.txt
2014-05-08 20:45 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 20:42 - 2014-05-08 20:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 20:41 - 2014-05-08 20:32 - 00000000 ____D () C:\AdwCleaner
2014-05-08 20:39 - 2012-08-07 01:00 - 02394650 _____ () C:\Windows\PFRO.log
2014-05-08 20:21 - 2014-05-08 20:30 - 01016261 _____ (Thisisu) C:\Users\Anne\Desktop\JRT.exe
2014-05-08 20:19 - 2014-05-08 20:30 - 01316991 _____ () C:\Users\Anne\Desktop\adwcleaner_3.2.0.7.exe
2014-05-01 14:52 - 2011-01-16 18:48 - 00001356 _____ () C:\Users\Anne\AppData\Local\d3d9caps.dat
2014-05-01 14:41 - 2013-05-27 21:20 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-01 14:41 - 2011-03-20 18:48 - 00032768 _____ () C:\ProgramData\nvModes.001
2014-05-01 14:40 - 2008-07-30 04:13 - 00000147 _____ () C:\Windows\system32\agent.log
2014-05-01 14:40 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-01 14:40 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-01 14:40 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 21:00 - 2014-05-08 20:30 - 00066993 _____ () C:\Users\Anne\Desktop\Shortcut.txt
2014-04-28 21:00 - 2014-05-08 20:30 - 00038720 _____ () C:\Users\Anne\Desktop\Addition.txt
2014-04-28 20:30 - 2014-04-28 20:31 - 01049600 _____ (Farbar) C:\Users\Anne\Desktop\FRST.exe
2014-04-28 19:37 - 2011-01-16 18:39 - 02038283 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 14:14 - 2014-04-02 12:57 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Samsung
2014-04-27 14:14 - 2014-04-02 12:43 - 00000000 ____D () C:\Program Files\Samsung
2014-04-26 10:43 - 2011-01-16 19:06 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-04-25 20:08 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\nap
2014-04-25 20:07 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-25 19:31 - 2012-04-18 09:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 19:09 - 2013-05-27 21:20 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 17:13 - 2011-01-16 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-25 17:13 - 2011-01-16 22:07 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-25 12:33 - 2011-01-17 19:20 - 00000000 ____D () C:\Users\Anne\AppData\Local\Adobe
2014-04-25 12:32 - 2012-04-18 09:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-25 12:32 - 2011-06-01 15:05 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-23 19:24 - 2014-04-14 20:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 19:23 - 2014-04-23 19:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-23 19:22 - 2014-04-23 19:23 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 19:22 - 2014-04-23 19:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-23 19:22 - 2014-04-23 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 13:32 - 2014-04-21 19:39 - 00000000 ____D () C:\Users\Anne\Documents\Mein Steuer-Sparbuch Heute
2014-04-22 22:05 - 2014-04-21 16:45 - 00000583 _____ () C:\Windows\wiso.ini
2014-04-21 22:22 - 2014-04-21 22:22 - 00000000 ____D () C:\Users\Anne\Documents\Steuer-Sparbuch
2014-04-21 16:54 - 2014-04-21 16:45 - 00000000 ____D () C:\Users\Anne\AppData\Local\Buhl
2014-04-21 16:45 - 2014-04-21 16:45 - 00001880 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-04-21 16:45 - 2014-04-21 16:38 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-04-21 16:43 - 2014-04-21 16:43 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Buhl Data Service
2014-04-21 16:43 - 2014-04-21 16:43 - 00000000 ____D () C:\Users\Anne\AppData\Local\Buhl Data Service
2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-04-21 16:39 - 2014-04-21 16:39 - 00000000 ____D () C:\Program Files\WISO
2014-04-21 16:39 - 2008-07-30 03:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-21 16:27 - 2014-04-21 16:08 - 00000000 ____D () C:\Users\Anne\Desktop\WISO Steuer-Sparbuch 2014 (für Steuerjahr 2013) (Download)
2014-04-17 14:14 - 2011-03-20 18:48 - 00054932 _____ () C:\ProgramData\nvModes.dat
2014-04-17 13:49 - 2012-02-02 00:14 - 00282296 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-04-17 13:49 - 2012-02-01 22:55 - 00282296 _____ () C:\Windows\system32\PnkBstrB.exe
2014-04-17 13:46 - 2012-02-01 22:56 - 00139648 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-04-17 13:46 - 2012-02-01 22:55 - 00282296 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-04-15 21:25 - 2011-01-16 18:48 - 00000000 ____D () C:\Users\Anne
2014-04-15 21:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-04-15 21:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-15 21:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2014-04-15 21:25 - 2006-11-02 12:22 - 43778048 _____ () C:\Windows\system32\config\software_previous
2014-04-15 21:25 - 2006-11-02 12:22 - 38797312 _____ () C:\Windows\system32\config\system_previous
2014-04-15 21:22 - 2006-11-02 12:22 - 36438016 _____ () C:\Windows\system32\config\components_previous
2014-04-15 21:22 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-04-14 23:17 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-04-14 23:17 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-04-14 20:20 - 2014-04-14 20:20 - 00000000 ____D () C:\Program Files\Common Files\Java(7)
2014-04-14 20:19 - 2012-02-21 14:43 - 00000000 ____D () C:\Program Files\Java
2014-04-11 07:50 - 2008-07-30 04:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 07:46 - 2013-08-10 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 07:39 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-11 07:37 - 2011-05-08 22:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-11 07:36 - 2014-04-11 07:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-11 07:36 - 2013-03-18 14:35 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-11 07:36 - 2013-03-18 14:35 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-11 07:36 - 2011-05-08 22:39 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-04-11 07:36 - 2011-05-08 22:39 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-04-10 17:10 - 2014-04-10 17:10 - 01070840 _____ (Solid State Networks) C:\Users\Anne\Downloads\install_flashplayer13x32au_mssa_aaa_aih.exe
2014-04-08 09:08 - 2014-04-08 09:08 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\InfraRecorder
2014-04-08 09:08 - 2014-04-08 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
Some content of TEMP:
====================
C:\Users\Anne\AppData\Local\Temp\68293uninstall.exe
C:\Users\Anne\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anne\AppData\Local\Temp\DivXSetup.exe
C:\Users\Anne\AppData\Local\Temp\pylCABD.tmp.exe
C:\Users\Anne\AppData\Local\Temp\Quarantine.exe
C:\Users\Anne\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Anne\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Anne\AppData\Local\Temp\Sqlite3.dll
C:\Users\Anne\AppData\Local\Temp\TuneUpUtilities2013_de-DE.exe
C:\Users\Anne\AppData\Local\Temp\{32147A02-7E09-42D1-9A31-3AE7B2BCC426}-29.0.1547.57_28.0.1500.95_chrome_updater.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-28 19:34
==================== End Of Log ============================
4. FRST: Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by Anne at 2014-04-28 20:58:32
Running from C:\Users\Anne\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
AV: AntiVir Desktop (Disabled - Out of date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AAU 6.0.00.17 (HKLM\...\Acer Acer Bio Protection 6.0.00.17) (Version:  - )
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5529 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5529 - CyberLink Corp.) Hidden
Acer Bio Protection
Acer Crystal Eye Webcam 2.0.8 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.8 - SuYin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3008 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3062 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3009 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3014 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0701 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 3.1.3000 - Acer Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 20960989.-2.2009755766.2009754780 - Audible, Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2016 - Avast Software)
Avira AntiVir Personal - Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 10.2.0.707 - Avira GmbH)
Battlefield Heroes (HKLM\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call Graph (HKLM\...\Call Graph) (Version:  - Sedna Wireless Pvt. Ltd.)
Cisco Systems VPN Client 5.0.06.0160 (HKLM\...\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}) (Version: 5.0.6 - Cisco Systems, Inc.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023d - CyberLink Corp.)
CyberLink PowerDirector (Version: 6.5.3023d - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DriverTuner 3.1.0.1 (HKLM\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
Dropbox (HKCU\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version:  - SEIKO EPSON Corporation)
Free Video Converter V 3.1 (HKLM\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 5.4.0.1061 (HKCU\...\GoToMeeting) (Version: 5.4.0.1061 - CitrixOnline)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.52 - Conexant Systems)
honestech Audio Recorder 2.0 Deluxe (HKLM\...\{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}) (Version: 2.0 - honestech)
honestech Audio Recorder 2.0 Deluxe (Version: 2.0 - Honest Technology) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPC-HC 1.6.5.6366 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.5.6366 - MPC-HC Team)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nitro Reader 2 (HKLM\...\{93705D7B-72BB-4F37-92B1-A87E601BD0CF}) (Version: 2.3.1.7 - Nitro PDF Software)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
Pamela Basic 4.7 (HKLM\...\Pamela) (Version: 4.7 - Scendix Software-Vertriebsges. mbH)
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
posterXXL Designer 5.2 (HKLM\...\posterXXL Designer)_is1) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5618 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
RUBICon (HKLM\...\{5A1084A3-79B7-480C-9275-D8AA0CCEFA52}) (Version: 2.0.24 - RUB)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 (Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
SCR3xxx Smart Card Reader (HKLM\...\{6DA99C69-0799-467E-9496-F37E1E452A4A}) (Version: 8.40 - SCM Microsystems)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SPBA 5.8 (HKLM\...\{ECCD28B2-8798-4D16-8126-625D728294A1}) (Version: 5.8.2.4218 - UPEK Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Winbond CIR Device Drivers (HKLM\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation)
WISO Steuer-Sparbuch 2014 (HKLM\...\{71C42C0A-9250-48CA-84DB-675533CD4535}) (Version: 21.00.8480 - Buhl Data Service GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version: 4.3.0.15050 - Blizzard Entertainment)
==================== Restore Points  =========================
23-03-2014 18:24:56 Geplanter Prüfpunkt
25-03-2014 06:32:03 Windows Update
28-03-2014 12:19:35 Windows Update
01-04-2014 10:52:24 Windows Update
02-04-2014 10:42:43 Installiert Samsung PC Studio 3
02-04-2014 10:44:28 Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co.,Ltd.  USB-Controller
02-04-2014 10:45:04 Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co.,Ltd.  Modems
02-04-2014 10:45:46 Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co.,Ltd.  USB-Controller
02-04-2014 10:46:27 Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co.,Ltd.  Modems
02-04-2014 10:47:06 Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co.,Ltd.  Anschlüsse (COM & LPT)
02-04-2014 10:47:49 Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co., Ltd.  USB-Controller
02-04-2014 10:48:29 Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co., Ltd.  Anschlüsse (COM & LPT)
02-04-2014 10:49:11 Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co., Ltd.  Modems
02-04-2014 10:49:55 Gerätetreiber-Paketinstallation: Samsung Electronic, Co. Ltd.  USB-Controller
02-04-2014 10:50:35 Gerätetreiber-Paketinstallation: Samsung Electronic, Co. Ltd.  Modems
02-04-2014 10:51:13 Gerätetreiber-Paketinstallation: Samsung Electronic, Co. Ltd.  Anschlüsse (COM & LPT)
02-04-2014 10:51:53 Gerätetreiber-Paketinstallation: Samsung Electronic, Co. Ltd.  Anschlüsse (COM & LPT)
02-04-2014 10:52:36 Gerätetreiber-Paketinstallation: Samsung Electronics Co., LTD USB-Controller
02-04-2014 10:53:14 Gerätetreiber-Paketinstallation: Samsung Electronics Co., LTD Modems
02-04-2014 10:53:55 Gerätetreiber-Paketinstallation: MobileTop Modems
02-04-2014 10:54:36 Gerätetreiber-Paketinstallation: MobileTop USB-Controller
02-04-2014 11:10:36 Installed Samsung Kies
02-04-2014 12:32:51 Windows Update
08-04-2014 06:08:55 Windows Update
11-04-2014 05:33:27 avast! antivirus system restore point
11-04-2014 05:36:21 Windows Update
14-04-2014 18:17:57 Installed Java 8
15-04-2014 09:34:27 Windows Update
16-04-2014 19:48:25 Geplanter Prüfpunkt
21-04-2014 13:04:52 Windows Update
21-04-2014 14:38:36 Installiert WISO Steuer-Sparbuch 2014
23-04-2014 17:20:56 Installed Java 7 Update 55
25-04-2014 05:36:50 Windows Update
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {211E3C1E-0605-4801-B8BA-4461ECD863BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {389EC126-3D51-4202-9CE4-11B6FEB377B7} - System32\Tasks\{95D27A21-E928-4933-9B94-79E575CF8EC6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.117/de/go/help.faq.installer?LastError=1603
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {446E2569-69EA-4CDD-B10B-80522DCBA45F} - System32\Tasks\{B00E5836-1729-40D6-8CCE-F5DCAF9C3C67} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.117/de/go/help.faq.installer?LastError=1603
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {519F7C18-32F9-4FD7-B0C8-495196F51946} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe <==== ATTENTION
Task: {5E0C68A3-D98F-44F4-A192-529E4CEAEA6E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-25] (Adobe Systems Incorporated)
Task: {81C8D65B-B41B-4DC4-A73F-74F928CE8FBD} - System32\Tasks\{81BBE272-2A5F-4280-8770-C99D8020F19E} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.117/de/go/help.faq.installer?LastError=1603
Task: {8BF83B83-9B02-4720-BE90-AA040AF09CD0} - System32\Tasks\FoxTab => C:\Users\Anne\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9F176738-7CB9-4EBE-B350-2DF1CEAA95C3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {BD13D8A2-7C21-4A3F-B594-FD2D1553B818} - System32\Tasks\{15F2DC43-E176-4783-9363-2E9C2DE28FB9} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.117/de/go/help.faq.installer?LastError=1603
Task: {C1EC8552-A241-4541-8824-ADFC21930AA1} - System32\Tasks\{672DA102-8DA6-409E-9DA0-8C9C6611F32D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.117/de/go/help.faq.installer?LastError=1603
Task: {C6520712-F827-43CE-B682-A6C5D8DC25F5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-11] (AVAST Software)
Task: {C6596954-4B4C-4FCB-8C52-C655CE06B1BA} - System32\Tasks\{0B6E5B63-0AAF-49FC-99BF-F9B541B611EE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {C87BA09A-9EA6-483E-9486-E0B8B25940E7} - System32\Tasks\{2FA62D91-2CA4-41DE-8874-9E43A23E17F6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.117/de/go/help.faq.installer?LastError=1603
Task: {D13BD487-EF20-443C-AE97-D12707D839D4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {D92D43F9-0613-4DE6-AAD5-91CE06D515CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F7F763E9-A05C-44C1-8B14-77250125F81E} - System32\Tasks\{09E46237-1BFF-4293-AA38-F981C40B17D2} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.117/de/go/help.faq.installer?LastError=1603
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Anne\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-01-16 19:17 - 2011-01-16 19:17 - 00080896 _____ () C:\Program Files\Acer\Acer Bio Protection\PwdFilter.dll
2013-12-14 14:13 - 2013-12-14 14:13 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: IGBASVC => 2
MSCONFIG\Services: NitroReaderDriverReadSpool2 => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^honestech Audio Recorder 2.0 Deluxe Launcher.lnk => C:\Windows\pss\honestech Audio Recorder 2.0 Deluxe Launcher.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: ZPdtWzdVitaKey MC3000 => "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Anwenderinfrarotgeräte
Description: Anwenderinfrarotgeräte
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (04/28/2014 08:54:24 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Student 2010; Hr = 0x8007043c).
Error: (04/28/2014 07:17:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/28/2014 07:16:35 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (04/28/2014 07:12:31 PM) (Source: Avira AntiVir) (User: NT-AUTORITÄT)
Description: Die Datei AVPREF.DLL konnte nicht geladen werden.
Fehlercode: 0x45a
Error: (04/28/2014 07:08:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/28/2014 07:07:27 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (04/27/2014 02:19:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/27/2014 02:18:46 PM) (Source: Avira AntiVir) (User: NT-AUTORITÄT)
Description: Die Datei AVPREF.DLL konnte nicht geladen werden.
Fehlercode: 0x45a
Error: (04/27/2014 02:14:26 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Users\Anne\AppData\Local\Temp\{D9F02B12-9C36-4EC5-8E8A-EABE9B26288F}\setup.exe -removeonly -media_path:"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\" -tempdisk1folder:"C:\Users\Anne\AppData\Local\Temp\{D9F02B12-9C36-4EC5-8E8A-EABE9B26288F}\"; Beschreibung = Entfernt Samsung PC Studio 3; Hr = 0x8007043c).
Error: (04/27/2014 02:13:31 PM) (Source: MsiInstaller) (User: Anne-PC)
Description: Product: Samsung Kies -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.
System errors:
=============
Error: (04/28/2014 07:37:13 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (04/28/2014 07:18:25 PM) (Source: Service Control Manager) (User: )
Description: PnP-X-IP-BusauflistungFunktionssuchanbieter-Host%%1068
Error: (04/28/2014 07:17:48 PM) (Source: Service Control Manager) (User: )
Description: aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
avipbb
spldr
ssmdrv
StarOpen
Wanarpv6
Error: (04/28/2014 07:17:48 PM) (Source: Service Control Manager) (User: )
Description: ComputerbrowserServer%%1068
Error: (04/28/2014 07:16:46 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (04/28/2014 07:16:45 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (04/28/2014 07:16:38 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (04/28/2014 07:16:35 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (04/28/2014 07:16:27 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/28/2014 07:16:17 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 28.04.2014 um 19:14:18 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (04/28/2014 08:54:24 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
Error: (04/28/2014 07:17:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/28/2014 07:16:35 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (04/28/2014 07:12:31 PM) (Source: Avira AntiVir)(User: NT-AUTORITÄT)
Description: AVPREF.DLL0x45a
Error: (04/28/2014 07:08:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/28/2014 07:07:27 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (04/27/2014 02:19:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/27/2014 02:18:46 PM) (Source: Avira AntiVir)(User: NT-AUTORITÄT)
Description: AVPREF.DLL0x45a
Error: (04/27/2014 02:14:26 PM) (Source: System Restore)(User: )
Description: C:\Users\Anne\AppData\Local\Temp\{D9F02B12-9C36-4EC5-8E8A-EABE9B26288F}\setup.exe -removeonly -media_path:"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\" -tempdisk1folder:"C:\Users\Anne\AppData\Local\Temp\{D9F02B12-9C36-4EC5-8E8A-EABE9B26288F}\"Entfernt Samsung PC Studio 30x8007043c
Error: (04/27/2014 02:13:31 PM) (Source: MsiInstaller)(User: Anne-PC)
Description: Product: Samsung Kies -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.(NULL)(NULL)(NULL)(NULL)
CodeIntegrity Errors:
===================================
  Date: 2014-04-25 19:22:38.999
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2014-04-25 19:22:38.297
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2014-04-25 19:22:37.595
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2014-04-25 19:22:36.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2014-04-25 19:22:36.191
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2014-04-25 19:22:35.442
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2014-04-25 19:22:34.615
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2014-04-25 19:22:33.913
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2014-04-25 19:22:33.211
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2014-04-25 19:22:32.509
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info =========================== 
Percentage of memory in use: 22%
Total physical RAM: 3035.93 MB
Available physical RAM: 2358.31 MB
Total Pagefile: 6274.1 MB
Available Pagefile: 5805.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.88 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:20.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:93.44 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 045A6002)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)
==================== End Of Log ============================
         Regards, Anne | 
|  08.05.2014, 20:18 | #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Windows Vista 32-bit: Problems after repairing fake Java update with MalwareBytes Quote: 
 
				__________________ Please always post log files in CODE tags   | 
|  09.05.2014, 17:51 | #9 | 
|  |   Windows Vista 32-bit: Problems after repairing fake Java update with MalwareBytes Hello Cosinus! I started the computer in Safe Mode because one should always follow your instructions: I could not access any programs and therefore worked in Safe Mode. I just tried booting the laptop normally and using it, and it works. I was able to use Firefox (I only opened the start page). Should I carry out any further steps now? | 
|  13.05.2014, 14:57 | #10 | 
| /// the machine /// TB-Ausbilder         |   Windows Vista 32-bit: Problems after repairing fake Java update with MalwareBytes [solved] Hi, please post a fresh FRST log from normal mode. Are there still problems with the computer? 
				__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! | 