| |
| |||||||
Log-Analyse und Auswertung: Win 7: Selbständige Internetseiten und Umleitung auf WerbungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
29.05.2014, 09:57
| #1 |
 |  Win 7: Selbständige Internetseiten und Umleitung auf Werbung Hallo, habe mir leider (auch noch auf dem Rechner meines Mannes) etwas eingefangen. Wie im Betreff beschrieben werden Internetseiten selbständig geöffnet und Seiten verändern sich sowohl im Firefox 29.0 als auch IE. Benutze Win 7, G Data Internetsecurity als Virenscanner und habe letzteres sowie Malewarebyte schon heruntergeladen und mehrmals laufen lassen, hat allerdings nichts gebracht. Soll ich hierzu auch die Protokolle schicken? Hier meine Log files zu , GMER hat nicht funktioniert!! Was kann ich tun? Für Eure Hilfe recht herzlichen Dank im Voraus!!!  sushi FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Petro (administrator) on PETER on 29-05-2014 10:22:42
Running from C:\Users\Petro\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Dropbox, Inc.) C:\Users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Deutsche Telekom AG) C:\Users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => C:\Windows\system32\nvHotkey.dll [539456 2011-10-15] (NVIDIA Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-695438745-3103446122-1789299792-1000\...\Run: [WirelessManager] => C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe [194600 2010-07-28] (Ericsson AB)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135112 2014-05-09] (PC Utilities Software Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
ShortcutTarget: Mediencenter Assistent.lnk -> C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
==================== Internet (Whitelisted) ====================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401024587&from=cor&uid=ST9750420AS_6WS0FX3MXXXX6WS0FX3M&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401024587&from=cor&uid=ST9750420AS_6WS0FX3MXXXX6WS0FX3M&q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CA464C80935A73F6&affID=121565&tt=280813_dt&tsp=4992
SearchScopes: HKCU - {87068D2F-8305-4BF8-9015-4471A124B3E8} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: sweet-page
FF SelectedSearchEngine: sweet-page
FF Homepage: www.google.de
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: iCloud Bookmarks - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\firefoxdav@icloud.com [2013-12-20]
FF Extension: ShoppeerMasutera - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\tzfrrj34a@cgcao-.edu [2014-05-25]
FF Extension: Ciuvo - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\extension@ciuvo.com.xpi [2013-01-19]
FF Extension: Shoptimate - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\support@shoptimate.com.xpi [2013-01-19]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2013-01-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-09]
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-01-19] (Microsoft)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 MailStoreServer; C:\Program Files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe [432240 2014-01-10] (MailStore Software GmbH)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2012-08-13] (Deutsche Telekom AG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-25] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-05-25] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-05-25] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-05-25] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-05-25] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-02-17] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-05-25] (G Data Software AG)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2011-10-15] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 NPF; system32\drivers\NPF.sys [X]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-29 10:22 - 2014-05-29 10:22 - 00028870 _____ () C:\Users\Petro\Downloads\FRST.txt
2014-05-29 10:22 - 2014-05-29 10:22 - 00000000 ____D () C:\FRST
2014-05-29 10:21 - 2014-05-29 10:21 - 00000472 _____ () C:\Users\Petro\Downloads\defogger_disable.log
2014-05-28 12:59 - 2014-05-28 12:59 - 00380416 _____ () C:\Users\Petro\Downloads\32zm573i.exe
2014-05-28 12:58 - 2014-05-28 12:58 - 02066944 _____ (Farbar) C:\Users\Petro\Downloads\FRST64.exe
2014-05-28 12:57 - 2014-05-28 12:57 - 00050477 _____ () C:\Users\Petro\Downloads\Defogger.exe
2014-05-26 08:30 - 2014-05-26 08:30 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-26 08:30 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-26 08:29 - 2014-05-26 08:29 - 28852416 _____ (Mozilla) C:\Users\Petro\Downloads\Firefox_Setup_de29.0.1.exe
2014-05-25 21:58 - 2014-05-25 21:58 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-05-25 21:58 - 2014-05-25 21:58 - 00002058 _____ () C:\Windows\DPINST.LOG
2014-05-25 21:58 - 2014-05-25 21:58 - 00001987 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-05-25 21:47 - 2014-05-25 21:47 - 00001518 _____ () C:\Mailware.txt
2014-05-25 20:05 - 2014-05-26 23:11 - 00078600 _____ () C:\Windows\PFRO.log
2014-05-25 19:55 - 2014-05-25 21:38 - 00000000 ____D () C:\ProgramData\RoyalCoupOnu
2014-05-25 19:55 - 2014-05-25 19:55 - 00000000 ____D () C:\ProgramData\3a5077e0758623c6
2014-05-25 16:53 - 2014-05-25 16:53 - 00526323 _____ () C:\Users\Petro\Downloads\web_of_trust_wot-20131118-fx.zip
2014-05-25 16:41 - 2014-05-27 21:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 16:40 - 2014-05-25 16:40 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-25 16:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 16:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 16:36 - 2014-05-25 16:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:29 - 2014-05-25 16:29 - 00000040 _____ () C:\Users\Petro\AppData\Roaming\WB.CFG
2014-05-25 15:35 - 2014-05-25 15:35 - 00000000 ____D () C:\Users\Petro\Documents\Optimizer Pro
2014-05-25 15:35 - 2014-05-25 15:35 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Optimizer Pro
2014-05-25 15:30 - 2014-05-25 20:05 - 00000000 ____D () C:\ProgramData\WPM
2014-05-25 15:30 - 2014-05-25 15:31 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DivX
2014-05-25 15:30 - 2014-05-25 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files\DivX
2014-05-25 15:29 - 2014-05-29 09:29 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-05-25 15:29 - 2014-05-26 09:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-25 15:29 - 2014-05-25 15:31 - 00000000 ____D () C:\ProgramData\DivX
2014-05-25 15:29 - 2014-05-25 15:31 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-25 15:29 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-25 15:29 - 2014-05-25 15:29 - 00003226 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-05-25 15:29 - 2014-05-25 15:29 - 00001987 _____ () C:\Windows\unins000.dat
2014-05-25 15:29 - 2014-05-25 15:29 - 00001071 _____ () C:\Users\Petro\Desktop\Optimizer Pro.lnk
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\sweet-page
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\LavFilters
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DigitalSites
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\CDXReader
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-25 15:29 - 2012-02-26 16:47 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-25 15:29 - 2012-01-09 20:45 - 00178688 _____ () C:\Windows\SysWOW64\unrar.dll
2014-05-25 15:29 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2014-05-25 15:29 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2014-05-25 15:29 - 2011-05-30 15:42 - 00255488 _____ () C:\Windows\system32\xvidvfw.dll
2014-05-25 15:29 - 2011-05-30 15:42 - 00240640 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-05-25 15:29 - 2011-05-23 11:52 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax
2014-05-25 15:29 - 2011-05-23 09:49 - 00173568 _____ () C:\Windows\system32\xvid.ax
2014-05-25 15:29 - 2011-05-23 09:46 - 00645632 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-05-25 15:29 - 2011-05-23 09:45 - 00696832 _____ () C:\Windows\system32\xvidcore.dll
2014-05-25 15:22 - 2014-05-25 15:22 - 00215920 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-TB3-0.6.11.2.xpi
2014-05-25 15:21 - 2014-05-25 15:21 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(2).xpi
2014-05-25 15:15 - 2014-05-25 15:15 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(1).xpi
2014-05-25 15:09 - 2014-05-26 07:57 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-05-25 15:09 - 2014-05-25 15:09 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\ParetoLogic
2014-05-25 15:09 - 2014-05-25 15:09 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DriverCure
2014-05-25 15:08 - 2014-05-25 15:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Petro\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-25 15:06 - 2014-05-25 15:06 - 00000000 ____D () C:\Users\Petro\Downloads\outport
2014-05-25 15:03 - 2014-05-25 15:03 - 00417846 _____ () C:\Users\Petro\Downloads\outport-1.1.25.zip
2014-05-25 15:02 - 2014-05-25 15:02 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2.xpi
2014-05-25 13:28 - 2014-05-25 13:28 - 21987152 _____ (Mozilla) C:\Users\Petro\Downloads\Thunderbird_Setup_24.5.0.exe
2014-05-25 11:00 - 2014-05-25 11:00 - 00003134 _____ () C:\Windows\System32\Tasks\{05055B09-8873-456A-B081-A71D2D65866F}
2014-05-25 10:57 - 2014-05-25 10:57 - 04021568 _____ (Microsoft Corporation) C:\Users\Petro\Downloads\OutlookConnector.exe
2014-05-25 10:33 - 2014-05-25 10:33 - 00001805 _____ () C:\Users\Public\Desktop\MailStore Client auf weiteren Rechnern installieren.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001282 _____ () C:\Users\Public\Desktop\Konfiguration des MailStore Server-Dienstes.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001222 _____ () C:\Users\Public\Desktop\MailStore Client.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Server
2014-05-25 09:52 - 2014-05-25 13:37 - 00000000 ____D () C:\Users\Petro\Documents\MailStore Home
2014-05-25 09:51 - 2014-05-25 09:51 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316(1).exe
2014-05-25 09:51 - 2014-05-25 09:51 - 00001228 _____ () C:\Users\Public\Desktop\MailStore Home.lnk
2014-05-25 09:51 - 2014-05-25 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Home
2014-05-25 09:22 - 2014-05-25 09:22 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316.exe
2014-05-25 09:15 - 2014-05-26 21:59 - 00000000 ____D () C:\ProgramData\firebird
2014-05-25 09:15 - 2014-05-25 22:00 - 00000000 ____D () C:\MailArchive
2014-05-25 09:10 - 2014-05-25 09:51 - 00000000 ____D () C:\Program Files (x86)\deepinvent
2014-05-25 09:10 - 2014-05-25 09:10 - 00000000 ____D () C:\ProgramData\MailStore
2014-05-25 09:07 - 2014-05-25 09:08 - 38996392 _____ (MailStore Software GmbH ) C:\Users\Petro\Downloads\MailStoreServerSetup-8.1.2.9268.exe
2014-05-25 08:53 - 2014-05-25 14:52 - 00038576 _____ () C:\Users\Petro\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieUserList
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieSiteList
2014-05-25 07:26 - 2014-05-25 07:57 - 00000000 ____D () C:\Users\Petro\AppData\Local\Windows Live
2014-05-25 07:26 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\{3E05F4D0-A734-441C-8BC6-75ACD713DA63}
2014-05-25 07:26 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\{0C30DAB9-B502-4846-9832-B1D72C83FA76}
2014-05-20 19:08 - 2014-05-20 19:08 - 00007249 _____ () C:\Users\Petro\AppData\Local\recently-used.xbel
2014-05-20 18:53 - 2014-05-20 18:53 - 00000000 ____D () C:\Users\Petro\AppData\Local\webkit
2014-05-20 18:49 - 2014-05-20 19:08 - 00000000 ____D () C:\Users\Petro\AppData\Local\gtk-2.0
2014-05-20 18:49 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\.thumbnails
2014-05-20 18:47 - 2014-05-20 19:08 - 00000000 ____D () C:\Users\Petro\.gimp-2.8
2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\AppData\Local\gegl-0.2
2014-05-20 17:46 - 2014-05-20 17:46 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-20 17:45 - 2014-05-20 17:46 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-20 17:41 - 2014-05-20 17:42 - 90396104 _____ (The GIMP Team ) C:\Users\Petro\Downloads\gimp-2.8.10-setup.exe
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DropboxMaster
2014-05-15 03:05 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:05 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:05 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:05 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:05 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:05 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 06:58 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 06:58 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 06:58 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 06:58 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 06:58 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 06:58 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 06:58 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 06:58 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 06:58 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 06:58 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 06:58 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 06:58 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 06:58 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 06:58 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 06:58 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 14:29 - 2014-05-11 14:29 - 00128064 _____ () C:\Users\Petro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 14:28 - 2014-05-26 23:16 - 00001387 _____ () C:\Windows\setupact.log
2014-05-11 14:28 - 2014-05-11 14:29 - 02104944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 14:28 - 2014-05-11 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-09 22:34 - 2014-05-26 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 21:16 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 21:15 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 21:15 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 21:15 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 21:15 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 21:15 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 21:15 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 21:15 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 21:15 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 21:15 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 21:15 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 21:15 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 21:15 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 21:15 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 21:15 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 21:15 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 21:15 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 21:15 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 21:15 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 21:15 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 21:15 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 21:15 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 21:15 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 21:15 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 21:15 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 21:15 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 21:15 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 21:15 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 21:15 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 21:15 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 21:15 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 21:15 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 21:15 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 21:15 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 21:15 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 21:15 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 21:15 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 21:15 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 21:15 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 21:15 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 21:15 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 21:15 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 21:15 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 21:15 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-29 22:26 - 2014-05-25 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2014-05-29 10:22 - 2014-05-29 10:22 - 00028870 _____ () C:\Users\Petro\Downloads\FRST.txt
2014-05-29 10:22 - 2014-05-29 10:22 - 00000000 ____D () C:\FRST
2014-05-29 10:21 - 2014-05-29 10:21 - 00000472 _____ () C:\Users\Petro\Downloads\defogger_disable.log
2014-05-29 10:20 - 2011-12-22 15:56 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-29 10:07 - 2012-03-11 17:07 - 00000000 ____D () C:\Users\Petro\Documents\Outlook-Dateien
2014-05-29 10:02 - 2013-10-06 20:37 - 00000000 ____D () C:\Users\Petro\AppData\Local\42F12FD7-AC63-4CF3-A877-21C804D57E47.aplzod
2014-05-29 09:37 - 2012-04-03 06:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 09:29 - 2014-05-25 15:29 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-05-29 03:00 - 2014-02-17 20:31 - 01072208 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 13:03 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 13:03 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 12:59 - 2014-05-28 12:59 - 00380416 _____ () C:\Users\Petro\Downloads\32zm573i.exe
2014-05-28 12:58 - 2014-05-28 12:58 - 02066944 _____ (Farbar) C:\Users\Petro\Downloads\FRST64.exe
2014-05-28 12:57 - 2014-05-28 12:57 - 00050477 _____ () C:\Users\Petro\Downloads\Defogger.exe
2014-05-28 10:02 - 2013-02-28 13:59 - 00000000 ___RD () C:\Users\Petro\Mediencenter
2014-05-27 21:01 - 2014-05-25 16:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 23:22 - 2013-02-02 08:49 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Dropbox
2014-05-26 23:21 - 2013-02-02 08:52 - 00000000 ___RD () C:\Users\Petro\Dropbox
2014-05-26 23:19 - 2010-11-21 08:50 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 23:19 - 2010-11-21 08:50 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 23:19 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-26 23:16 - 2014-05-11 14:28 - 00001387 _____ () C:\Windows\setupact.log
2014-05-26 23:13 - 2011-12-17 15:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-05-26 23:13 - 2011-12-17 15:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-05-26 23:13 - 2011-12-17 15:31 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-26 23:12 - 2011-12-17 07:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-26 23:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 23:11 - 2014-05-25 20:05 - 00078600 _____ () C:\Windows\PFRO.log
2014-05-26 23:11 - 2012-05-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-26 21:59 - 2014-05-25 09:15 - 00000000 ____D () C:\ProgramData\firebird
2014-05-26 09:01 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-26 08:30 - 2014-05-26 08:30 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-26 08:30 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-09 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 08:29 - 2014-05-26 08:29 - 28852416 _____ (Mozilla) C:\Users\Petro\Downloads\Firefox_Setup_de29.0.1.exe
2014-05-26 07:57 - 2014-05-25 15:09 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-05-25 22:58 - 2013-09-01 22:02 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\BabSolution
2014-05-25 22:00 - 2014-05-25 09:15 - 00000000 ____D () C:\MailArchive
2014-05-25 21:58 - 2014-05-25 21:58 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-05-25 21:58 - 2014-05-25 21:58 - 00002058 _____ () C:\Windows\DPINST.LOG
2014-05-25 21:58 - 2014-05-25 21:58 - 00001987 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-05-25 21:58 - 2014-02-15 15:58 - 00068608 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00135168 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00065024 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00057344 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-05-25 21:57 - 2014-02-15 15:56 - 00000000 ____D () C:\ProgramData\G Data
2014-05-25 21:47 - 2014-05-25 21:47 - 00001518 _____ () C:\Mailware.txt
2014-05-25 21:38 - 2014-05-25 19:55 - 00000000 ____D () C:\ProgramData\RoyalCoupOnu
2014-05-25 20:05 - 2014-05-25 15:30 - 00000000 ____D () C:\ProgramData\WPM
2014-05-25 19:55 - 2014-05-25 19:55 - 00000000 ____D () C:\ProgramData\3a5077e0758623c6
2014-05-25 17:47 - 2013-09-01 22:02 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-05-25 16:53 - 2014-05-25 16:53 - 00526323 _____ () C:\Users\Petro\Downloads\web_of_trust_wot-20131118-fx.zip
2014-05-25 16:40 - 2014-05-25 16:40 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-25 16:40 - 2013-01-21 22:16 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Malwarebytes
2014-05-25 16:40 - 2013-01-21 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:37 - 2014-05-25 16:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:29 - 2014-05-25 16:29 - 00000040 _____ () C:\Users\Petro\AppData\Roaming\WB.CFG
2014-05-25 15:35 - 2014-05-25 15:35 - 00000000 ____D () C:\Users\Petro\Documents\Optimizer Pro
2014-05-25 15:35 - 2014-05-25 15:35 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Optimizer Pro
2014-05-25 15:31 - 2014-05-25 15:30 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DivX
2014-05-25 15:31 - 2014-05-25 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-25 15:31 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\DivX
2014-05-25 15:31 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-25 15:31 - 2014-04-29 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files\DivX
2014-05-25 15:30 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-25 15:29 - 2014-05-25 15:29 - 00003226 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-05-25 15:29 - 2014-05-25 15:29 - 00001987 _____ () C:\Windows\unins000.dat
2014-05-25 15:29 - 2014-05-25 15:29 - 00001071 _____ () C:\Users\Petro\Desktop\Optimizer Pro.lnk
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\sweet-page
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\LavFilters
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DigitalSites
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\CDXReader
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-25 15:22 - 2014-05-25 15:22 - 00215920 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-TB3-0.6.11.2.xpi
2014-05-25 15:21 - 2014-05-25 15:21 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(2).xpi
2014-05-25 15:15 - 2014-05-25 15:15 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(1).xpi
2014-05-25 15:09 - 2014-05-25 15:09 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\ParetoLogic
2014-05-25 15:09 - 2014-05-25 15:09 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DriverCure
2014-05-25 15:08 - 2014-05-25 15:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Petro\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-25 15:06 - 2014-05-25 15:06 - 00000000 ____D () C:\Users\Petro\Downloads\outport
2014-05-25 15:03 - 2014-05-25 15:03 - 00417846 _____ () C:\Users\Petro\Downloads\outport-1.1.25.zip
2014-05-25 15:02 - 2014-05-25 15:02 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2.xpi
2014-05-25 14:52 - 2014-05-25 08:53 - 00038576 _____ () C:\Users\Petro\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-05-25 14:15 - 2012-03-20 21:23 - 00000021 _____ () C:\Users\Petro\AppData\Local\mc.pixel.data
2014-05-25 13:37 - 2014-05-25 09:52 - 00000000 ____D () C:\Users\Petro\Documents\MailStore Home
2014-05-25 13:29 - 2012-12-20 17:12 - 00002107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-05-25 13:29 - 2012-12-20 17:12 - 00002095 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-05-25 13:29 - 2012-12-20 17:12 - 00000000 ____D () C:\Users\Petro\AppData\Local\Thunderbird
2014-05-25 13:28 - 2014-05-25 13:28 - 21987152 _____ (Mozilla) C:\Users\Petro\Downloads\Thunderbird_Setup_24.5.0.exe
2014-05-25 11:58 - 2012-02-26 11:03 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-05-25 11:00 - 2014-05-25 11:00 - 00003134 _____ () C:\Windows\System32\Tasks\{05055B09-8873-456A-B081-A71D2D65866F}
2014-05-25 10:57 - 2014-05-25 10:57 - 04021568 _____ (Microsoft Corporation) C:\Users\Petro\Downloads\OutlookConnector.exe
2014-05-25 10:57 - 2013-04-19 14:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-25 10:33 - 2014-05-25 10:33 - 00001805 _____ () C:\Users\Public\Desktop\MailStore Client auf weiteren Rechnern installieren.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001282 _____ () C:\Users\Public\Desktop\Konfiguration des MailStore Server-Dienstes.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001222 _____ () C:\Users\Public\Desktop\MailStore Client.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Server
2014-05-25 09:51 - 2014-05-25 09:51 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316(1).exe
2014-05-25 09:51 - 2014-05-25 09:51 - 00001228 _____ () C:\Users\Public\Desktop\MailStore Home.lnk
2014-05-25 09:51 - 2014-05-25 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Home
2014-05-25 09:51 - 2014-05-25 09:10 - 00000000 ____D () C:\Program Files (x86)\deepinvent
2014-05-25 09:22 - 2014-05-25 09:22 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316.exe
2014-05-25 09:10 - 2014-05-25 09:10 - 00000000 ____D () C:\ProgramData\MailStore
2014-05-25 09:08 - 2014-05-25 09:07 - 38996392 _____ (MailStore Software GmbH ) C:\Users\Petro\Downloads\MailStoreServerSetup-8.1.2.9268.exe
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieUserList
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieSiteList
2014-05-25 07:57 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\Windows Live
2014-05-25 07:55 - 2013-09-06 10:10 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Windows Live Writer
2014-05-25 07:26 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\{3E05F4D0-A734-441C-8BC6-75ACD713DA63}
2014-05-25 07:26 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\{0C30DAB9-B502-4846-9832-B1D72C83FA76}
2014-05-20 19:08 - 2014-05-20 19:08 - 00007249 _____ () C:\Users\Petro\AppData\Local\recently-used.xbel
2014-05-20 19:08 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\AppData\Local\gtk-2.0
2014-05-20 19:08 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\.gimp-2.8
2014-05-20 18:53 - 2014-05-20 18:53 - 00000000 ____D () C:\Users\Petro\AppData\Local\webkit
2014-05-20 18:49 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\.thumbnails
2014-05-20 18:49 - 2012-02-16 19:34 - 00000000 ____D () C:\Users\Petro
2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\AppData\Local\gegl-0.2
2014-05-20 17:46 - 2014-05-20 17:46 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-20 17:46 - 2014-05-20 17:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-20 17:42 - 2014-05-20 17:41 - 90396104 _____ (The GIMP Team ) C:\Users\Petro\Downloads\gimp-2.8.10-setup.exe
2014-05-18 10:42 - 2012-02-25 12:42 - 00856041 _____ () C:\Users\Petro\DesktopStCenter.txt
2014-05-17 17:25 - 2012-08-31 08:20 - 00095232 _____ () C:\Users\Petro\Desktop\Kopie von 110102 Nummern-1.xls
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DropboxMaster
2014-05-17 09:32 - 2013-02-02 08:52 - 00001022 _____ () C:\Users\Petro\Desktop\Dropbox.lnk
2014-05-17 09:32 - 2013-02-02 08:50 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-17 09:32 - 2012-02-16 19:34 - 00000000 ___RD () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 07:37 - 2012-04-03 06:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 07:37 - 2012-04-03 06:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 07:37 - 2011-12-17 14:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 04:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:37 - 2012-10-12 23:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 03:27 - 2012-02-16 19:34 - 00000000 ___RD () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:04 - 2013-08-02 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:02 - 2012-02-12 17:03 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 07:26 - 2014-05-25 16:40 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 16:40 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2013-01-23 22:09 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 14:29 - 2014-05-11 14:29 - 00128064 _____ () C:\Users\Petro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 14:29 - 2014-05-11 14:28 - 02104944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 14:28 - 2014-05-11 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-07 18:12 - 2013-04-03 03:38 - 00000000 ____D () C:\Users\Petro\Documents\Mein Steuer-Sparbuch Heute
2014-05-07 18:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 06:40 - 2014-05-15 03:05 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 03:05 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 03:05 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 03:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 19:29 - 2013-03-31 12:13 - 00000750 _____ () C:\Windows\wiso.ini
2014-04-30 15:54 - 2011-12-17 15:52 - 00000000 ____D () C:\ProgramData\Sonic
Some content of TEMP:
====================
C:\Users\Petro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3qahak.dll
C:\Users\Petro\AppData\Local\Temp\optprosetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 00:45
==================== End Of Log ===========================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Petro at 2014-05-29 10:23:32
Running from C:\Users\Petro\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.85 - ACD Systems International)
Adobe Acrobat 9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Standard - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Album Art Downloader XUI 0.45 (HKLM-x32\...\Album Art Downloader XUI) (Version: 0.45 - hxxp://sourceforge.net/projects/album-art)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Codec Pack Packages (HKCU\...\Codec Pack Packages) (Version: - ) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.24.2 - Dell)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E9F59205-F128-49A7-9039-4BDFB60EE4A3}) (Version: 1.5.420.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Free Video Flip and Rotate version 2.1.9.827 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.827 - DVDVideoSoft Ltd.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalenderdruck-Assistent für Microsoft Office Outlook 2007 (HKLM-x32\...\{90120000-00A7-0407-0000-0000000FF1CE}) (Version: 12.0.6520.3001 - Microsoft Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LingoPad 2.6 (Build 360) (HKLM-x32\...\LingoPad_is1) (Version: 2.6 - Lingo4you)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
MailStore Server 8.1.2.9268 (HKLM-x32\...\MailStore Server_is1) (Version: 8.1.2.9268 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.7.0.1451 - Telekom)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11400.27.0 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Newshosting (HKLM\...\{FE76A200-134E-48EC-8E90-3C124F16BC7F}) (Version: 1.6.1 - Newshosting)
NVIDIA 3D Vision Treiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.5.20 (Version: 1.5.20 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8562 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 285.62 (Version: 285.62 - NVIDIA Corporation) Hidden
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: 3.4.1.1401 - QNAP Systems, Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpamAssassin for Windows V1.2.1.15 (HKLM-x32\...\SpamAssassin for Windows_is1) (Version: 1.2.1.15 - JAM Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Sweet Page (HKLM-x32\...\sweet-page uninstaller) (Version: - sweet-page) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for Codec Pack (HKCU\...\Digital Sites) (Version: - Update for Codec Pack) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{0AF37F62-3243-4416-8392-BD0E16874B90}) (Version: 21.00.8480 - Buhl Data Service GmbH)
XnView 1.99.6 (HKLM-x32\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Restore Points =========================
14-05-2014 04:49:50 Windows Update
15-05-2014 01:00:12 Windows Update
21-05-2014 19:12:56 Windows Update
25-05-2014 07:11:01 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-01-28 02:20 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {01127C8F-BB8F-4779-A853-6A175AF5D946} - System32\Tasks\Digital Sites => C:\Users\Petro\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {085A41EC-ED0E-4190-897C-80CEF4E216CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {4D2C894F-7729-46FE-AFBC-7588A204E9B7} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {5B5A6FCE-8A5A-4825-BAB0-C5C8975F32D9} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {B8A41010-1E52-49E0-B6D6-5F9A360477E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE30A8B5-FC74-4094-B763-6EAA57330AC4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {C4CB036F-B113-4B21-8DDE-2CEAF8A3B5EE} - System32\Tasks\AdobeAAMUpdater-1.0-PETER-Petro => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Petro\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe
==================== Loaded Modules (whitelisted) =============
2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-17 16:17 - 2011-07-20 15:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-28 03:26 - 2011-06-28 03:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2011-06-29 16:52 - 2011-06-29 16:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2014-03-02 12:36 - 2014-04-23 15:03 - 01430320 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-02-28 04:08 - 2010-02-28 04:08 - 01549152 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-02-26 11:03 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-12-17 15:31 - 2011-09-22 18:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-12-19 04:42 - 2013-12-19 04:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 23:52 - 2010-03-22 23:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 07:20 - 2011-06-25 07:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-28 03:25 - 2011-06-28 03:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-25 07:32 - 2011-06-25 07:32 - 00323136 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 09787184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00035632 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00309040 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00322864 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-03-02 12:34 - 2014-04-23 15:04 - 03807024 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00136496 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 02703152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 02001200 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01929520 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 04321072 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01562928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 05154096 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 01691440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01807152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01626416 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01115440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01329456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01257264 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 07326512 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01285936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01330480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-26 23:13 - 2014-05-26 23:13 - 00041984 _____ () c:\users\petro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3qahak.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Petro\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-05 17:49 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2014-02-05 17:49 - 2009-02-27 17:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2012-02-26 11:03 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-26 08:30 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-10-15 01:54 - 2011-10-15 01:54 - 00265536 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2014-02-15 16:52 - 2014-02-15 16:52 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2011-12-22 17:52 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-04-29 22:26 - 2014-04-24 19:51 - 03019888 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-04-29 22:26 - 2014-04-24 19:51 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-04-29 22:26 - 2014-04-24 19:51 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-05-15 07:37 - 2014-05-15 07:37 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Petro\Downloads\AlbumArtDownloaderXUI-0.45.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\CalendarPrintAssistant.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\Dropbox 2.4.7(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\Dropbox 2.4.7.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\FreeVideoFlipAndRotate(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\FreeVideoFlipAndRotate.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\iTunes64Setup(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\mp3tagv258setup.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE(2).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setup_dm_Fotowelt.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\SpamAssassinforWindows-Setup.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\spampal1594.exe:BDU
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: BirdieSync => C:\Program Files (x86)\BirdieSync\BirdieSync.exe -minimized
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
==================== Faulty Device Manager Devices =============
Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14419749
Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14419749
Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14410904
Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14410904
Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/27/2014 09:04:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14043.574, Zeitstempel: 0x52fb3224
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14079.176, Zeitstempel: 0x532a4adc
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008cf92
ID des fehlerhaften Prozesses: 0x808
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3
Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 68811822
Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 68811822
Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (05/27/2014 09:05:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "G Data AntiVirus Proxy" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/27/2014 09:04:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/26/2014 11:14:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BCB3CC02-761B-4C74-8B04-891A31034D19}
Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14419749
Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14419749
Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14410904
Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14410904
Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/27/2014 09:04:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AVKProxy.exe1.5.14043.57452fb3224avkhttp.dll25.0.14079.176532a4adcc00004170008cf9280801cf79272cefbf70C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exeC:\Program Files (x86)\Common Files\G Data\AVKProxy\avkhttp.dlla9844007-e5d1-11e3-9a1d-848f69bcf115
Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 68811822
Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 68811822
Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 8086.17 MB
Available physical RAM: 3829.88 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 10572.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Programme) (Fixed) (Total:479 GB) (Free:304.22 GB) NTFS
Drive d: (Lokale Daten) (Fixed) (Total:200 GB) (Free:187.26 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=479 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=200 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
29.05.2014, 10:16
| #2 | |
| /// TB-Ausbilder   | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Zitat:
Scan mit Combofix
|
|
30.05.2014, 12:35
| #3 |
| | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Hallo Matthias,
__________________vielen Dank für Deine schnelle Hilfe! Habe soeben versucht ComboFix herunterzuladen. Leider kommt immer folgende Fehlermeldung: "Webseite gesperrt! G Data InternetSecurity hat den Zugriff auf diese Webseite verweigert. Es handelt sich hierbei um eine bekannte Phishing-Seite." Habe anschließend versucht vor Download den Wächter, die Firewall, Autopilot und Virenschutz von Gdata kurz auszuschlaten (hoffe das war sinnvoll) aber selbst dann funktioniert der Download nicht. Kannst Du mir kurz einen Tipp geben? Danke! sushi Hallo, hat jetzt doch anders funktioniert. Nach Durchführung von Combofix fühlt sich der Rechner bzw. der Browser schon wieder anders (weniger fremdgeleitet) an... :-) Aber hier das Log-File von Combofix. Dank Dir nochmals! Code:
ATTFilter ComboFix 14-05-29.01 - Petro 29.05.2014 22:20:29.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8086.5263 [GMT 2:00]
ausgeführt von:: c:\users\Petro\Desktop\ComboFix.exe
AV: G Data InternetSecurity *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: G Data Personal Firewall *Enabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G Data InternetSecurity *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1360263279.bdinstall.bin
c:\programdata\1392471428.bdinstall.bin
c:\programdata\Roaming
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\bootstrap.js
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\chrome.manifest
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\content\bg.js
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\install.rdf
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-28 bis 2014-05-29 ))))))))))))))))))))))))))))))
.
.
2014-05-29 08:22 . 2014-05-29 08:24 -------- d-----w- C:\FRST
2014-05-27 19:48 . 2014-05-27 19:48 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0376197B-E7D5-4D07-9D86-F2EBB88664DB}\offreg.dll
2014-05-25 19:58 . 2014-05-25 19:58 22016 ----a-w- c:\windows\system32\drivers\GDKBFlt64.sys
2014-05-25 17:55 . 2014-05-25 17:55 -------- d-----w- c:\programdata\3a5077e0758623c6
2014-05-25 17:55 . 2014-05-25 19:38 -------- d-----w- c:\programdata\RoyalCoupOnu
2014-05-25 14:41 . 2014-05-27 19:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-25 14:40 . 2014-05-25 14:40 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-05-25 14:40 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-25 14:40 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-25 13:35 . 2014-05-25 13:35 -------- d-----w- c:\users\Petro\AppData\Roaming\Optimizer Pro
2014-05-25 13:30 . 2014-05-25 13:31 -------- d-----w- c:\users\Petro\AppData\Roaming\DivX
2014-05-25 13:29 . 2014-05-25 13:31 -------- d-----w- c:\program files (x86)\DivX
2014-05-25 13:09 . 2014-05-25 13:09 -------- d-----w- c:\users\Petro\AppData\Roaming\ParetoLogic
2014-05-25 13:09 . 2014-05-25 13:09 -------- d-----w- c:\users\Petro\AppData\Roaming\DriverCure
2014-05-25 13:09 . 2014-05-26 05:57 -------- d-----w- c:\programdata\ParetoLogic
2014-05-25 07:21 . 2014-05-25 07:21 -------- d-----w- c:\users\Petro\AppData\Local\MailStore Temp
2014-05-25 07:15 . 2014-05-29 20:30 -------- d-----w- c:\programdata\firebird
2014-05-25 07:15 . 2014-05-29 20:30 -------- d-----w- C:\MailArchive
2014-05-25 07:10 . 2014-05-25 07:10 -------- d-----w- c:\programdata\MailStore
2014-05-25 07:10 . 2014-05-25 07:51 -------- d-----w- c:\program files (x86)\deepinvent
2014-05-25 06:37 . 2014-05-25 06:37 -------- d-sh--w- c:\users\Petro\AppData\Local\EmieUserList
2014-05-25 06:37 . 2014-05-25 06:37 -------- d-sh--w- c:\users\Petro\AppData\Local\EmieSiteList
2014-05-25 05:26 . 2014-05-25 05:57 -------- d-----w- c:\users\Petro\AppData\Local\Windows Live
2014-05-23 13:46 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0376197B-E7D5-4D07-9D86-F2EBB88664DB}\mpengine.dll
2014-05-20 16:53 . 2014-05-20 16:53 -------- d-----w- c:\users\Petro\AppData\Local\webkit
2014-05-20 16:49 . 2014-05-20 17:08 -------- d-----w- c:\users\Petro\AppData\Local\gtk-2.0
2014-05-20 16:49 . 2014-05-20 16:49 -------- d-----w- c:\users\Petro\.thumbnails
2014-05-20 16:47 . 2014-05-20 16:47 -------- d-----w- c:\users\Petro\AppData\Local\fontconfig
2014-05-20 16:47 . 2014-05-20 17:08 -------- d-----w- c:\users\Petro\.gimp-2.8
2014-05-20 16:47 . 2014-05-20 16:47 -------- d-----w- c:\users\Petro\AppData\Local\gegl-0.2
2014-05-20 15:45 . 2014-05-20 15:46 -------- d-----w- c:\program files\GIMP 2
2014-05-17 07:32 . 2014-05-17 07:32 -------- d-----w- c:\users\Petro\AppData\Roaming\DropboxMaster
2014-05-15 01:05 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 01:05 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 01:05 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 01:05 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 19:16 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-05-06 19:16 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll
2014-05-06 19:16 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-25 19:58 . 2014-02-15 13:58 68608 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2014-05-25 19:58 . 2014-02-15 13:57 64000 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2014-05-25 19:58 . 2014-02-15 13:57 65024 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2014-05-25 19:58 . 2014-02-15 13:57 135168 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2014-05-25 19:58 . 2014-02-15 13:57 57344 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2014-05-15 05:37 . 2012-04-03 04:50 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 05:37 . 2011-12-17 12:59 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 01:02 . 2012-02-12 15:03 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 05:25 . 2013-01-23 20:09 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-16 03:02 . 2014-04-16 03:02 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:44 . 2014-04-09 11:14 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 11:14 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 11:14 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 11:14 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 11:14 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 11:14 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 11:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 11:14 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 11:14 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 11:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 11:14 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-12-19 1724728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
.
c:\users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
Mediencenter Assistent.lnk - c:\program files\Telekom\Mediencenter\MediencenterSoftware.exe collapsedtray [2012-3-20 2401152]
Mediencenter.lnk - c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe [2013-10-1 562496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2014-3-2 1430320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 MailStoreServer;MailStore Server;c:\program files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe;c:\program files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe [x]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
S3 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:37]
.
2014-04-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2014-05-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2013-02-12 14:30 558592 ----a-w- c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2013-02-12 14:30 558592 ----a-w- c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2013-02-12 14:30 558592 ----a-w- c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401024587&from=cor&uid=ST9750420AS_6WS0FX3MXXXX6WS0FX3M&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\
FF - prefs.js: browser.search.selectedEngine - sweet-page
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Digital Sites - c:\users\Petro\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-29 22:36:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-05-29 20:36
.
Vor Suchlauf: 17 Verzeichnis(se), 331.862.716.416 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 331.556.458.496 Bytes frei
.
- - End Of File - - 1786B4928D3B515D14A2B1965BDB945C
da ich mir nicht sicher bin, ob Du meinen letzten Eintrag gelesen hast (da am Ende meines vorherigen Beitrags integriert war), anbei nochmals das ComboFix Log file. Konnte ComboFix doch noch installieren. Habe seither keine "Übernahmeprobleme" mehr im Browser, weiß aber nicht ob jetzt alles okay ist? Grüße sushi Code:
ATTFilter ComboFix 14-05-29.01 - Petro 29.05.2014 22:20:29.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8086.5263 [GMT 2:00]
ausgeführt von:: c:\users\Petro\Desktop\ComboFix.exe
AV: G Data InternetSecurity *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: G Data Personal Firewall *Enabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G Data InternetSecurity *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1360263279.bdinstall.bin
c:\programdata\1392471428.bdinstall.bin
c:\programdata\Roaming
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\bootstrap.js
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\chrome.manifest
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\content\bg.js
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\install.rdf
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-28 bis 2014-05-29 ))))))))))))))))))))))))))))))
.
.
2014-05-29 08:22 . 2014-05-29 08:24 -------- d-----w- C:\FRST
2014-05-27 19:48 . 2014-05-27 19:48 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0376197B-E7D5-4D07-9D86-F2EBB88664DB}\offreg.dll
2014-05-25 19:58 . 2014-05-25 19:58 22016 ----a-w- c:\windows\system32\drivers\GDKBFlt64.sys
2014-05-25 17:55 . 2014-05-25 17:55 -------- d-----w- c:\programdata\3a5077e0758623c6
2014-05-25 17:55 . 2014-05-25 19:38 -------- d-----w- c:\programdata\RoyalCoupOnu
2014-05-25 14:41 . 2014-05-27 19:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-25 14:40 . 2014-05-25 14:40 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-05-25 14:40 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-25 14:40 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-25 13:35 . 2014-05-25 13:35 -------- d-----w- c:\users\Petro\AppData\Roaming\Optimizer Pro
2014-05-25 13:30 . 2014-05-25 13:31 -------- d-----w- c:\users\Petro\AppData\Roaming\DivX
2014-05-25 13:29 . 2014-05-25 13:31 -------- d-----w- c:\program files (x86)\DivX
2014-05-25 13:09 . 2014-05-25 13:09 -------- d-----w- c:\users\Petro\AppData\Roaming\ParetoLogic
2014-05-25 13:09 . 2014-05-25 13:09 -------- d-----w- c:\users\Petro\AppData\Roaming\DriverCure
2014-05-25 13:09 . 2014-05-26 05:57 -------- d-----w- c:\programdata\ParetoLogic
2014-05-25 07:21 . 2014-05-25 07:21 -------- d-----w- c:\users\Petro\AppData\Local\MailStore Temp
2014-05-25 07:15 . 2014-05-29 20:30 -------- d-----w- c:\programdata\firebird
2014-05-25 07:15 . 2014-05-29 20:30 -------- d-----w- C:\MailArchive
2014-05-25 07:10 . 2014-05-25 07:10 -------- d-----w- c:\programdata\MailStore
2014-05-25 07:10 . 2014-05-25 07:51 -------- d-----w- c:\program files (x86)\deepinvent
2014-05-25 06:37 . 2014-05-25 06:37 -------- d-sh--w- c:\users\Petro\AppData\Local\EmieUserList
2014-05-25 06:37 . 2014-05-25 06:37 -------- d-sh--w- c:\users\Petro\AppData\Local\EmieSiteList
2014-05-25 05:26 . 2014-05-25 05:57 -------- d-----w- c:\users\Petro\AppData\Local\Windows Live
2014-05-23 13:46 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0376197B-E7D5-4D07-9D86-F2EBB88664DB}\mpengine.dll
2014-05-20 16:53 . 2014-05-20 16:53 -------- d-----w- c:\users\Petro\AppData\Local\webkit
2014-05-20 16:49 . 2014-05-20 17:08 -------- d-----w- c:\users\Petro\AppData\Local\gtk-2.0
2014-05-20 16:49 . 2014-05-20 16:49 -------- d-----w- c:\users\Petro\.thumbnails
2014-05-20 16:47 . 2014-05-20 16:47 -------- d-----w- c:\users\Petro\AppData\Local\fontconfig
2014-05-20 16:47 . 2014-05-20 17:08 -------- d-----w- c:\users\Petro\.gimp-2.8
2014-05-20 16:47 . 2014-05-20 16:47 -------- d-----w- c:\users\Petro\AppData\Local\gegl-0.2
2014-05-20 15:45 . 2014-05-20 15:46 -------- d-----w- c:\program files\GIMP 2
2014-05-17 07:32 . 2014-05-17 07:32 -------- d-----w- c:\users\Petro\AppData\Roaming\DropboxMaster
2014-05-15 01:05 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 01:05 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 01:05 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 01:05 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 19:16 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-05-06 19:16 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll
2014-05-06 19:16 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-25 19:58 . 2014-02-15 13:58 68608 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2014-05-25 19:58 . 2014-02-15 13:57 64000 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2014-05-25 19:58 . 2014-02-15 13:57 65024 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2014-05-25 19:58 . 2014-02-15 13:57 135168 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2014-05-25 19:58 . 2014-02-15 13:57 57344 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2014-05-15 05:37 . 2012-04-03 04:50 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 05:37 . 2011-12-17 12:59 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 01:02 . 2012-02-12 15:03 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 05:25 . 2013-01-23 20:09 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-16 03:02 . 2014-04-16 03:02 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:44 . 2014-04-09 11:14 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 11:14 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 11:14 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 11:14 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 11:14 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 11:14 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 11:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 11:14 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 11:14 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 11:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 11:14 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-12-19 1724728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
.
c:\users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
Mediencenter Assistent.lnk - c:\program files\Telekom\Mediencenter\MediencenterSoftware.exe collapsedtray [2012-3-20 2401152]
Mediencenter.lnk - c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe [2013-10-1 562496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2014-3-2 1430320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 MailStoreServer;MailStore Server;c:\program files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe;c:\program files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe [x]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
S3 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:37]
.
2014-04-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2014-05-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2013-02-12 14:30 558592 ----a-w- c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2013-02-12 14:30 558592 ----a-w- c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2013-02-12 14:30 558592 ----a-w- c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401024587&from=cor&uid=ST9750420AS_6WS0FX3MXXXX6WS0FX3M&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\
FF - prefs.js: browser.search.selectedEngine - sweet-page
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Digital Sites - c:\users\Petro\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-29 22:36:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-05-29 20:36
.
Vor Suchlauf: 17 Verzeichnis(se), 331.862.716.416 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 331.556.458.496 Bytes frei
.
- - End Of File - - 1786B4928D3B515D14A2B1965BDB945C
|
|
30.05.2014, 15:10
| #4 |
| /// TB-Ausbilder | Win 7: Selbständige Internetseiten und Umleitung auf Werbung So geht es weiter: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 3 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 4 Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann. Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
Schritt 5
Bitte poste mit deiner nächsten Antwort
|
|
31.05.2014, 14:13
| #5 |
| | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Hier meine Log files von folgendem: die Logdatei von AdwCleaner, die Logdatei von JRT der Rest folgt in Kürze AdwCleaner: Code:
ATTFilter # AdwCleaner v3.211 - Bericht erstellt am 31/05/2014 um 00:12:01
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Petro - PETER
# Gestartet von : C:\Users\Petro\Desktop\adwcleaner_3.211.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\RoyalCoupOnu
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\Red Sky
Ordner Gelöscht : C:\Users\Petro\AppData\Local\DownTango
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Petro\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\firefoxdav@icloud.com
Datei Gelöscht : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Petro\Desktop\Search.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "sweet-page");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "sweet-page");
Zeile gelöscht : user_pref("extensions.uo9.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
*************************
AdwCleaner[R0].txt - [7082 octets] - [31/05/2014 00:08:26]
AdwCleaner[S0].txt - [6501 octets] - [31/05/2014 00:12:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6561 octets] ##########
JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Petro on 31.05.2014 at 10:34:46,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Petro\appdata\local\{0C30DAB9-B502-4846-9832-B1D72C83FA76}
Successfully deleted: [Empty Folder] C:\Users\Petro\appdata\local\{26342882-BA78-4A09-92E2-20F68A6FE83E}
Successfully deleted: [Empty Folder] C:\Users\Petro\appdata\local\{3E05F4D0-A734-441C-8BC6-75ACD713DA63}
~~~ FireFox
Emptied folder: C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\minidumps [142 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2014 at 10:41:06,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
31.05.2014, 14:28
| #6 |
| /// TB-Ausbilder | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Ok, ich warte.  |
|
31.05.2014, 14:41
| #7 |
| | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Hallo, ich habe nun doch ein Problem (vermutl. bin ich nur zu doof) mit dem MBAM: ich finde kein Pull-Down-Menue (wie in Deiner Beschreibung) mit dem ich TXT zum Exportieren der Log-Files auswählen kann. Dh. ich finde die Logfiles als txt nicht, sondern nur als xml Dateien Also hier: C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \Logs Liegt: mbam-log-2014-05-31 (11-25-20).xml aber keine txt und ich finde nichts um das vorher umzustellen? Was soll ich machen? Danke! |
|
31.05.2014, 20:34
| #9 |
| | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Hallo, Du hattest natürlich recht :-) es geht, aber es ist in der 2.02 Version schon einen Ticken anders, als in Eurer Anleitung. Den Quick-Suchlauf gibt es in der Freeware so auch nicht mehr.... habe eben den Brohungssuchlauf gemacht... nunja, die Transferleistung auf die neue Version umzustellen, hat bei mir etwas gedauert ;-) Hier die restlichen Protokolle: die Logdatei von MBAM, die Logdatei von Zoek, die beiden neuen Logdateien von FRST. Ich hoffe nun ist alles richtig. DAnke nochmals!!! (habe ich auch schon mit einer Spende bekundet) MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 31.05.2014 Suchlauf-Zeit: 21:05:13 Logdatei: MBAM_log.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.05.31.09 Rootkit Datenbank: v2014.05.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Petro Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 338308 Verstrichene Zeit: 15 Min, 56 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Petro on 31.05.2014 at 14:36:21,29.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Petro\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
31.05.2014 14:37:18 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\prefs.js:
user_pref("browser.startup.homepage", "www.google.de");
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\Petro\AppData\Roaming\Thunderbird\Profiles\xzggaqf3.default\prefs.js:
Added to C:\Users\Petro\AppData\Roaming\Thunderbird\Profiles\xzggaqf3.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default
user.js not found
---- Lines extensions.uo9 removed from prefs.js ----
user_pref("extensions.uo9.epoch", "1401438053");
user_pref("extensions.uo9.url", "hxxp://webdriiver.in/sync2/?q=hfZ9ojZSh75MCyVUojwMg708BNmGWj8wmihGheDUojw9rdkGqjw6qjwHrShIC7n0rjnEqjs4rdYGrdwHtNhVCT9
---- FireFox user.js and prefs.js backups ----
prefs__1444_.backup
ProfilePath: C:\Users\Petro\AppData\Roaming\Thunderbird\Profiles\xzggaqf3.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1444_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~3\3a5077e0758623c6 deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Program Files\Reimage deleted
C:\prefs.js deleted
C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\jetpack deleted
C:\Users\Petro\Desktop\Search.lnk deleted
"C:\Users\Petro\AppData\Roaming\GHISLER" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default
- Ciuvo Preisvergleich - %ProfilePath%\extensions\extension@ciuvo.com.xpi
- Shoptimate - %ProfilePath%\extensions\support@shoptimate.com.xpi
- Bid-O-Matic Firefox Extension - %ProfilePath%\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
ProfilePath: C:\Users\Petro\AppData\Roaming\Thunderbird\Profiles\xzggaqf3.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Contact Tabs - %ProfilePath%\extensions\contacttabs@janek.org.xpi
- Extra Folder Columns - %ProfilePath%\extensions\extra-cols@jminta_gmail.com.xpi
- Lightning Calendar Tabs - %ProfilePath%\extensions\lightningcalendartabs@jlx.84.xpi
- Lightning Month Tabs - %ProfilePath%\extensions\lightningmonthtabs@jlx.84.xpi
- MoreFunctionsForAddressBook - %ProfilePath%\extensions\{3e17310d-82e8-4a43-bd2f-7c3055bfe589}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
54FC590185D7D00D65E53B9A5990DC14 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll - Shockwave Flash
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{87068D2F-8305-4BF8-9015-4471A124B3E8} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Internet Explorer\SearchScopes\{87068D2F-8305-4BF8-9015-4471A124B3E8} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BirdieSync deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Petro\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte f30\Microsoft\Windows\Temporary I 325\Content.IE5 emptied successfully
C:\Users\Petro\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte f30\Microsoft\Windows\Temporary I 325\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Petro\AppData\Local\Mozilla\Firefox\Profiles\xdcit4i9.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=109 folders=27 15955489 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Petro\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Petro\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on 31.05.2014 at 14:50:04,74 ======================
FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Petro (administrator) on PETER on 31-05-2014 15:05:05
Running from C:\Users\Petro\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(MailStore Software GmbH) C:\Program Files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
(Deutsche Telekom AG) C:\Users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => C:\Windows\system32\nvHotkey.dll [539456 2011-10-15] (NVIDIA Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-695438745-3103446122-1789299792-1000\...\Run: [WirelessManager] => C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe [194600 2010-07-28] (Ericsson AB)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kopie von Kopie von Kopie von Kopie von 20110529__Numbers8.xls ()
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
ShortcutTarget: Mediencenter Assistent.lnk -> C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ciuvo - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\extension@ciuvo.com.xpi [2013-01-19]
FF Extension: Shoptimate - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\support@shoptimate.com.xpi [2013-01-19]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2013-01-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-09]
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-01-19] (Microsoft)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 MailStoreServer; C:\Program Files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe [432240 2014-01-10] (MailStore Software GmbH)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2012-08-13] (Deutsche Telekom AG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-25] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-05-25] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-05-25] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-05-25] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-05-25] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-02-17] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-05-25] (G Data Software AG)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2011-10-15] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-31 14:47 - 2014-05-31 14:36 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-31 14:37 - 2014-05-31 14:50 - 00011332 _____ () C:\zoek-results.log
2014-05-31 14:36 - 2014-05-31 14:48 - 00000000 ____D () C:\zoek_backup
2014-05-31 11:22 - 2014-05-31 11:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-05-31 10:41 - 2014-05-31 10:41 - 00001210 _____ () C:\Users\Petro\Desktop\JRT.txt
2014-05-31 10:34 - 2014-05-31 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 10:31 - 2014-05-31 10:31 - 04095664 _____ () C:\Users\Petro\Desktop\zoek.zip
2014-05-31 10:31 - 2014-05-31 10:31 - 01285120 _____ () C:\Users\Petro\Desktop\zoek.exe
2014-05-31 10:29 - 2014-05-31 10:29 - 01016261 _____ (Thisisu) C:\Users\Petro\Desktop\JRT.exe
2014-05-31 00:08 - 2014-05-31 09:41 - 00000000 ____D () C:\AdwCleaner
2014-05-31 00:05 - 2014-05-31 00:05 - 01327971 _____ () C:\Users\Petro\Desktop\adwcleaner_3.211.exe
2014-05-30 12:51 - 2014-05-30 12:51 - 00807131 _____ () C:\Users\Petro\Downloads\MyContacts-2014-05-30-124847-410.vcf
2014-05-29 22:36 - 2014-05-29 22:36 - 00036346 _____ () C:\ComboFix.txt
2014-05-29 22:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-29 22:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-29 22:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-29 22:17 - 2014-05-29 22:36 - 00000000 ____D () C:\Qoobox
2014-05-29 22:17 - 2014-05-29 22:34 - 00000000 ____D () C:\Windows\erdnt
2014-05-29 21:48 - 2014-05-29 21:49 - 05203398 ____R (Swearware) C:\Users\Petro\Desktop\ComboFix.exe
2014-05-29 10:23 - 2014-05-29 10:24 - 00042664 _____ () C:\Users\Petro\Desktop\Addition.txt
2014-05-29 10:22 - 2014-05-31 15:05 - 00027384 _____ () C:\Users\Petro\Desktop\FRST.txt
2014-05-29 10:22 - 2014-05-31 15:05 - 00000000 ____D () C:\FRST
2014-05-29 10:21 - 2014-05-29 10:21 - 00000472 _____ () C:\Users\Petro\Desktop\defogger_disable.log
2014-05-28 12:59 - 2014-05-28 12:59 - 00380416 _____ () C:\Users\Petro\Desktop\32zm573i.exe
2014-05-28 12:58 - 2014-05-28 12:58 - 02066944 _____ (Farbar) C:\Users\Petro\Desktop\FRST64.exe
2014-05-28 12:57 - 2014-05-28 12:57 - 00050477 _____ () C:\Users\Petro\Desktop\Defogger.exe
2014-05-26 08:30 - 2014-05-26 08:30 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-26 08:30 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-26 08:29 - 2014-05-26 08:29 - 28852416 _____ (Mozilla) C:\Users\Petro\Downloads\Firefox_Setup_de29.0.1.exe
2014-05-25 21:58 - 2014-05-25 21:58 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-05-25 21:58 - 2014-05-25 21:58 - 00002058 _____ () C:\Windows\DPINST.LOG
2014-05-25 21:58 - 2014-05-25 21:58 - 00001987 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-05-25 21:47 - 2014-05-25 21:47 - 00001518 _____ () C:\Mailware.txt
2014-05-25 20:05 - 2014-05-31 14:48 - 00080104 _____ () C:\Windows\PFRO.log
2014-05-25 16:53 - 2014-05-25 16:53 - 00526323 _____ () C:\Users\Petro\Downloads\web_of_trust_wot-20131118-fx.zip
2014-05-25 16:41 - 2014-05-31 11:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 16:40 - 2014-05-31 14:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-25 16:40 - 2014-05-31 11:23 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:40 - 2014-05-31 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-25 16:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 16:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 16:36 - 2014-05-25 16:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:29 - 2014-05-25 16:29 - 00000040 _____ () C:\Users\Petro\AppData\Roaming\WB.CFG
2014-05-25 15:30 - 2014-05-25 15:31 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DivX
2014-05-25 15:30 - 2014-05-25 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files\DivX
2014-05-25 15:29 - 2014-05-25 15:31 - 00000000 ____D () C:\ProgramData\DivX
2014-05-25 15:29 - 2014-05-25 15:31 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-25 15:29 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-25 15:29 - 2014-05-25 15:29 - 00001987 _____ () C:\Windows\unins000.dat
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\LavFilters
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\CDXReader
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-25 15:29 - 2012-02-26 16:47 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-25 15:29 - 2012-01-09 20:45 - 00178688 _____ () C:\Windows\SysWOW64\unrar.dll
2014-05-25 15:29 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2014-05-25 15:29 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2014-05-25 15:29 - 2011-05-30 15:42 - 00255488 _____ () C:\Windows\system32\xvidvfw.dll
2014-05-25 15:29 - 2011-05-30 15:42 - 00240640 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-05-25 15:29 - 2011-05-23 11:52 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax
2014-05-25 15:29 - 2011-05-23 09:49 - 00173568 _____ () C:\Windows\system32\xvid.ax
2014-05-25 15:29 - 2011-05-23 09:46 - 00645632 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-05-25 15:29 - 2011-05-23 09:45 - 00696832 _____ () C:\Windows\system32\xvidcore.dll
2014-05-25 15:22 - 2014-05-25 15:22 - 00215920 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-TB3-0.6.11.2.xpi
2014-05-25 15:21 - 2014-05-25 15:21 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(2).xpi
2014-05-25 15:15 - 2014-05-25 15:15 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(1).xpi
2014-05-25 15:06 - 2014-05-25 15:06 - 00000000 ____D () C:\Users\Petro\Downloads\outport
2014-05-25 15:03 - 2014-05-25 15:03 - 00417846 _____ () C:\Users\Petro\Downloads\outport-1.1.25.zip
2014-05-25 15:02 - 2014-05-25 15:02 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2.xpi
2014-05-25 13:28 - 2014-05-25 13:28 - 21987152 _____ (Mozilla) C:\Users\Petro\Downloads\Thunderbird_Setup_24.5.0.exe
2014-05-25 11:00 - 2014-05-25 11:00 - 00003134 _____ () C:\Windows\System32\Tasks\{05055B09-8873-456A-B081-A71D2D65866F}
2014-05-25 10:57 - 2014-05-25 10:57 - 04021568 _____ (Microsoft Corporation) C:\Users\Petro\Downloads\OutlookConnector.exe
2014-05-25 10:33 - 2014-05-25 10:33 - 00001805 _____ () C:\Users\Public\Desktop\MailStore Client auf weiteren Rechnern installieren.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001282 _____ () C:\Users\Public\Desktop\Konfiguration des MailStore Server-Dienstes.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001222 _____ () C:\Users\Public\Desktop\MailStore Client.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Server
2014-05-25 09:52 - 2014-05-25 13:37 - 00000000 ____D () C:\Users\Petro\Documents\MailStore Home
2014-05-25 09:51 - 2014-05-25 09:51 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316(1).exe
2014-05-25 09:51 - 2014-05-25 09:51 - 00001228 _____ () C:\Users\Public\Desktop\MailStore Home.lnk
2014-05-25 09:51 - 2014-05-25 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Home
2014-05-25 09:22 - 2014-05-25 09:22 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316.exe
2014-05-25 09:15 - 2014-05-31 14:50 - 00000000 ____D () C:\ProgramData\firebird
2014-05-25 09:15 - 2014-05-31 14:49 - 00000000 ____D () C:\MailArchive
2014-05-25 09:10 - 2014-05-25 09:51 - 00000000 ____D () C:\Program Files (x86)\deepinvent
2014-05-25 09:10 - 2014-05-25 09:10 - 00000000 ____D () C:\ProgramData\MailStore
2014-05-25 09:07 - 2014-05-25 09:08 - 38996392 _____ (MailStore Software GmbH ) C:\Users\Petro\Downloads\MailStoreServerSetup-8.1.2.9268.exe
2014-05-25 08:53 - 2014-05-25 14:52 - 00038576 _____ () C:\Users\Petro\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieUserList
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieSiteList
2014-05-25 07:26 - 2014-05-25 07:57 - 00000000 ____D () C:\Users\Petro\AppData\Local\Windows Live
2014-05-20 19:08 - 2014-05-20 19:08 - 00007249 _____ () C:\Users\Petro\AppData\Local\recently-used.xbel
2014-05-20 18:53 - 2014-05-20 18:53 - 00000000 ____D () C:\Users\Petro\AppData\Local\webkit
2014-05-20 18:49 - 2014-05-20 19:08 - 00000000 ____D () C:\Users\Petro\AppData\Local\gtk-2.0
2014-05-20 18:49 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\.thumbnails
2014-05-20 18:47 - 2014-05-20 19:08 - 00000000 ____D () C:\Users\Petro\.gimp-2.8
2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\AppData\Local\gegl-0.2
2014-05-20 17:46 - 2014-05-20 17:46 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-20 17:45 - 2014-05-20 17:46 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-20 17:41 - 2014-05-20 17:42 - 90396104 _____ (The GIMP Team ) C:\Users\Petro\Downloads\gimp-2.8.10-setup.exe
2014-05-17 09:32 - 2014-05-31 14:51 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DropboxMaster
2014-05-15 03:05 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:05 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:05 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:05 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:05 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:05 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 06:58 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 06:58 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 06:58 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 06:58 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 06:58 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 06:58 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 06:58 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 06:58 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 06:58 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 06:58 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 06:58 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 06:58 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 06:58 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 06:58 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 06:58 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 14:29 - 2014-05-11 14:29 - 00128064 _____ () C:\Users\Petro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 14:28 - 2014-05-31 14:48 - 00001723 _____ () C:\Windows\setupact.log
2014-05-11 14:28 - 2014-05-11 14:29 - 02104944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 14:28 - 2014-05-11 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-09 22:34 - 2014-05-26 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 21:16 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 21:15 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 21:15 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 21:15 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 21:15 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 21:15 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 21:15 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 21:15 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 21:15 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 21:15 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 21:15 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 21:15 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 21:15 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 21:15 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 21:15 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 21:15 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 21:15 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 21:15 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 21:15 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 21:15 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 21:15 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 21:15 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 21:15 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 21:15 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 21:15 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 21:15 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 21:15 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 21:15 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 21:15 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 21:15 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 21:15 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 21:15 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 21:15 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 21:15 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 21:15 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 21:15 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 21:15 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 21:15 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 21:15 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 21:15 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 21:15 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 21:15 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 21:15 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 21:15 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
==================== One Month Modified Files and Folders =======
2014-05-31 15:05 - 2014-05-29 10:22 - 00027384 _____ () C:\Users\Petro\Desktop\FRST.txt
2014-05-31 15:05 - 2014-05-29 10:22 - 00000000 ____D () C:\FRST
2014-05-31 15:03 - 2011-12-22 15:56 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-31 14:57 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 14:57 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 14:55 - 2014-02-17 20:31 - 01159082 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 14:53 - 2013-02-28 13:59 - 00000000 ___RD () C:\Users\Petro\Mediencenter
2014-05-31 14:51 - 2014-05-17 09:32 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DropboxMaster
2014-05-31 14:51 - 2013-02-02 08:52 - 00000000 ___RD () C:\Users\Petro\Dropbox
2014-05-31 14:51 - 2013-02-02 08:49 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Dropbox
2014-05-31 14:50 - 2014-05-31 14:37 - 00011332 _____ () C:\zoek-results.log
2014-05-31 14:50 - 2014-05-25 09:15 - 00000000 ____D () C:\ProgramData\firebird
2014-05-31 14:50 - 2011-12-17 15:31 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-31 14:49 - 2014-05-25 09:15 - 00000000 ____D () C:\MailArchive
2014-05-31 14:49 - 2011-12-17 15:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-05-31 14:49 - 2011-12-17 15:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-05-31 14:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 14:48 - 2014-05-31 14:36 - 00000000 ____D () C:\zoek_backup
2014-05-31 14:48 - 2014-05-25 20:05 - 00080104 _____ () C:\Windows\PFRO.log
2014-05-31 14:48 - 2014-05-11 14:28 - 00001723 _____ () C:\Windows\setupact.log
2014-05-31 14:48 - 2011-12-17 07:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-31 14:37 - 2012-04-03 06:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-31 14:36 - 2014-05-31 14:47 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-31 14:32 - 2014-05-25 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-31 11:25 - 2014-05-25 16:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 11:23 - 2014-05-31 11:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-05-31 11:23 - 2014-05-25 16:40 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-31 11:23 - 2014-05-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-31 10:41 - 2014-05-31 10:41 - 00001210 _____ () C:\Users\Petro\Desktop\JRT.txt
2014-05-31 10:34 - 2014-05-31 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 10:31 - 2014-05-31 10:31 - 04095664 _____ () C:\Users\Petro\Desktop\zoek.zip
2014-05-31 10:31 - 2014-05-31 10:31 - 01285120 _____ () C:\Users\Petro\Desktop\zoek.exe
2014-05-31 10:29 - 2014-05-31 10:29 - 01016261 _____ (Thisisu) C:\Users\Petro\Desktop\JRT.exe
2014-05-31 09:41 - 2014-05-31 00:08 - 00000000 ____D () C:\AdwCleaner
2014-05-31 00:17 - 2012-02-16 19:34 - 00000000 ___RD () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 00:16 - 2013-02-02 08:52 - 00001022 _____ () C:\Users\Petro\Desktop\Dropbox.lnk
2014-05-31 00:16 - 2013-02-02 08:50 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-31 00:15 - 2011-12-17 15:52 - 00000000 ____D () C:\ProgramData\Sonic
2014-05-31 00:05 - 2014-05-31 00:05 - 01327971 _____ () C:\Users\Petro\Desktop\adwcleaner_3.211.exe
2014-05-30 13:01 - 2013-10-06 20:37 - 00000000 ____D () C:\Users\Petro\AppData\Local\42F12FD7-AC63-4CF3-A877-21C804D57E47.aplzod
2014-05-30 13:01 - 2012-03-11 17:07 - 00000000 ____D () C:\Users\Petro\Documents\Outlook-Dateien
2014-05-30 12:51 - 2014-05-30 12:51 - 00807131 _____ () C:\Users\Petro\Downloads\MyContacts-2014-05-30-124847-410.vcf
2014-05-30 11:35 - 2010-11-21 08:50 - 00703214 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 11:35 - 2010-11-21 08:50 - 00150822 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 11:35 - 2009-07-14 07:13 - 01649782 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 22:36 - 2014-05-29 22:36 - 00036346 _____ () C:\ComboFix.txt
2014-05-29 22:36 - 2014-05-29 22:17 - 00000000 ____D () C:\Qoobox
2014-05-29 22:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-29 22:34 - 2014-05-29 22:17 - 00000000 ____D () C:\Windows\erdnt
2014-05-29 22:31 - 2009-07-14 04:34 - 00000248 _____ () C:\Windows\system.ini
2014-05-29 22:29 - 2009-07-14 04:34 - 88604672 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-29 22:29 - 2009-07-14 04:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-29 22:29 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-29 22:29 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-29 22:29 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-29 21:49 - 2014-05-29 21:48 - 05203398 ____R (Swearware) C:\Users\Petro\Desktop\ComboFix.exe
2014-05-29 20:16 - 2012-02-26 11:03 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-05-29 10:24 - 2014-05-29 10:23 - 00042664 _____ () C:\Users\Petro\Desktop\Addition.txt
2014-05-29 10:21 - 2014-05-29 10:21 - 00000472 _____ () C:\Users\Petro\Desktop\defogger_disable.log
2014-05-28 12:59 - 2014-05-28 12:59 - 00380416 _____ () C:\Users\Petro\Desktop\32zm573i.exe
2014-05-28 12:58 - 2014-05-28 12:58 - 02066944 _____ (Farbar) C:\Users\Petro\Desktop\FRST64.exe
2014-05-28 12:57 - 2014-05-28 12:57 - 00050477 _____ () C:\Users\Petro\Desktop\Defogger.exe
2014-05-26 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-26 23:11 - 2012-05-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-26 08:30 - 2014-05-26 08:30 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-26 08:30 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-09 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 08:29 - 2014-05-26 08:29 - 28852416 _____ (Mozilla) C:\Users\Petro\Downloads\Firefox_Setup_de29.0.1.exe
2014-05-25 21:58 - 2014-05-25 21:58 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-05-25 21:58 - 2014-05-25 21:58 - 00002058 _____ () C:\Windows\DPINST.LOG
2014-05-25 21:58 - 2014-05-25 21:58 - 00001987 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-05-25 21:58 - 2014-02-15 15:58 - 00068608 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00135168 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00065024 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00057344 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-05-25 21:57 - 2014-02-15 15:56 - 00000000 ____D () C:\ProgramData\G Data
2014-05-25 21:47 - 2014-05-25 21:47 - 00001518 _____ () C:\Mailware.txt
2014-05-25 16:53 - 2014-05-25 16:53 - 00526323 _____ () C:\Users\Petro\Downloads\web_of_trust_wot-20131118-fx.zip
2014-05-25 16:40 - 2013-01-21 22:16 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Malwarebytes
2014-05-25 16:40 - 2013-01-21 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:37 - 2014-05-25 16:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:29 - 2014-05-25 16:29 - 00000040 _____ () C:\Users\Petro\AppData\Roaming\WB.CFG
2014-05-25 15:31 - 2014-05-25 15:30 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DivX
2014-05-25 15:31 - 2014-05-25 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-25 15:31 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\DivX
2014-05-25 15:31 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-25 15:31 - 2014-04-29 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files\DivX
2014-05-25 15:30 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-25 15:29 - 2014-05-25 15:29 - 00001987 _____ () C:\Windows\unins000.dat
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\LavFilters
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\CDXReader
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-25 15:22 - 2014-05-25 15:22 - 00215920 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-TB3-0.6.11.2.xpi
2014-05-25 15:21 - 2014-05-25 15:21 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(2).xpi
2014-05-25 15:15 - 2014-05-25 15:15 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(1).xpi
2014-05-25 15:06 - 2014-05-25 15:06 - 00000000 ____D () C:\Users\Petro\Downloads\outport
2014-05-25 15:03 - 2014-05-25 15:03 - 00417846 _____ () C:\Users\Petro\Downloads\outport-1.1.25.zip
2014-05-25 15:02 - 2014-05-25 15:02 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2.xpi
2014-05-25 14:52 - 2014-05-25 08:53 - 00038576 _____ () C:\Users\Petro\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-05-25 14:15 - 2012-03-20 21:23 - 00000021 _____ () C:\Users\Petro\AppData\Local\mc.pixel.data
2014-05-25 13:37 - 2014-05-25 09:52 - 00000000 ____D () C:\Users\Petro\Documents\MailStore Home
2014-05-25 13:29 - 2012-12-20 17:12 - 00002107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-05-25 13:29 - 2012-12-20 17:12 - 00002095 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-05-25 13:29 - 2012-12-20 17:12 - 00000000 ____D () C:\Users\Petro\AppData\Local\Thunderbird
2014-05-25 13:28 - 2014-05-25 13:28 - 21987152 _____ (Mozilla) C:\Users\Petro\Downloads\Thunderbird_Setup_24.5.0.exe
2014-05-25 11:00 - 2014-05-25 11:00 - 00003134 _____ () C:\Windows\System32\Tasks\{05055B09-8873-456A-B081-A71D2D65866F}
2014-05-25 10:57 - 2014-05-25 10:57 - 04021568 _____ (Microsoft Corporation) C:\Users\Petro\Downloads\OutlookConnector.exe
2014-05-25 10:57 - 2013-04-19 14:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-25 10:33 - 2014-05-25 10:33 - 00001805 _____ () C:\Users\Public\Desktop\MailStore Client auf weiteren Rechnern installieren.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001282 _____ () C:\Users\Public\Desktop\Konfiguration des MailStore Server-Dienstes.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001222 _____ () C:\Users\Public\Desktop\MailStore Client.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Server
2014-05-25 09:51 - 2014-05-25 09:51 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316(1).exe
2014-05-25 09:51 - 2014-05-25 09:51 - 00001228 _____ () C:\Users\Public\Desktop\MailStore Home.lnk
2014-05-25 09:51 - 2014-05-25 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Home
2014-05-25 09:51 - 2014-05-25 09:10 - 00000000 ____D () C:\Program Files (x86)\deepinvent
2014-05-25 09:22 - 2014-05-25 09:22 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316.exe
2014-05-25 09:10 - 2014-05-25 09:10 - 00000000 ____D () C:\ProgramData\MailStore
2014-05-25 09:08 - 2014-05-25 09:07 - 38996392 _____ (MailStore Software GmbH ) C:\Users\Petro\Downloads\MailStoreServerSetup-8.1.2.9268.exe
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieUserList
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieSiteList
2014-05-25 07:57 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\Windows Live
2014-05-25 07:55 - 2013-09-06 10:10 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Windows Live Writer
2014-05-20 19:08 - 2014-05-20 19:08 - 00007249 _____ () C:\Users\Petro\AppData\Local\recently-used.xbel
2014-05-20 19:08 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\AppData\Local\gtk-2.0
2014-05-20 19:08 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\.gimp-2.8
2014-05-20 18:53 - 2014-05-20 18:53 - 00000000 ____D () C:\Users\Petro\AppData\Local\webkit
2014-05-20 18:49 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\.thumbnails
2014-05-20 18:49 - 2012-02-16 19:34 - 00000000 ____D () C:\Users\Petro
2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\AppData\Local\gegl-0.2
2014-05-20 17:46 - 2014-05-20 17:46 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-20 17:46 - 2014-05-20 17:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-20 17:42 - 2014-05-20 17:41 - 90396104 _____ (The GIMP Team ) C:\Users\Petro\Downloads\gimp-2.8.10-setup.exe
2014-05-18 10:42 - 2012-02-25 12:42 - 00856041 _____ () C:\Users\Petro\DesktopStCenter.txt
2014-05-17 17:25 - 2012-08-31 08:20 - 00095232 _____ () C:\Users\Petro\Desktop\Kopie von 110102 Nummern-1.xls
2014-05-15 07:37 - 2012-04-03 06:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 07:37 - 2012-04-03 06:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 07:37 - 2011-12-17 14:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 04:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:37 - 2012-10-12 23:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 03:27 - 2012-02-16 19:34 - 00000000 ___RD () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:04 - 2013-08-02 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:02 - 2012-02-12 17:03 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 07:26 - 2014-05-25 16:40 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 16:40 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2013-01-23 22:09 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 14:29 - 2014-05-11 14:29 - 00128064 _____ () C:\Users\Petro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 14:29 - 2014-05-11 14:28 - 02104944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 14:28 - 2014-05-11 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-07 18:12 - 2013-04-03 03:38 - 00000000 ____D () C:\Users\Petro\Documents\Mein Steuer-Sparbuch Heute
2014-05-07 18:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 06:40 - 2014-05-15 03:05 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 03:05 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 03:05 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 03:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 19:29 - 2013-03-31 12:13 - 00000750 _____ () C:\Windows\wiso.ini
Some content of TEMP:
====================
C:\Users\Petro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwvzfqd.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 00:45
==================== End Of Log ============================
Addition:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Petro at 2014-05-31 15:06:20
Running from C:\Users\Petro\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.85 - ACD Systems International)
Adobe Acrobat 9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Standard - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Album Art Downloader XUI 0.45 (HKLM-x32\...\Album Art Downloader XUI) (Version: 0.45 - hxxp://sourceforge.net/projects/album-art)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Codec Pack Packages (HKCU\...\Codec Pack Packages) (Version: - ) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.24.2 - Dell)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E9F59205-F128-49A7-9039-4BDFB60EE4A3}) (Version: 1.5.420.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Free Video Flip and Rotate version 2.1.9.827 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.827 - DVDVideoSoft Ltd.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalenderdruck-Assistent für Microsoft Office Outlook 2007 (HKLM-x32\...\{90120000-00A7-0407-0000-0000000FF1CE}) (Version: 12.0.6520.3001 - Microsoft Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LingoPad 2.6 (Build 360) (HKLM-x32\...\LingoPad_is1) (Version: 2.6 - Lingo4you)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
MailStore Server 8.1.2.9268 (HKLM-x32\...\MailStore Server_is1) (Version: 8.1.2.9268 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.7.0.1451 - Telekom)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11400.27.0 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Newshosting (HKLM\...\{FE76A200-134E-48EC-8E90-3C124F16BC7F}) (Version: 1.6.1 - Newshosting)
NVIDIA 3D Vision Treiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.5.20 (Version: 1.5.20 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8562 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 285.62 (Version: 285.62 - NVIDIA Corporation) Hidden
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: 3.4.1.1401 - QNAP Systems, Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpamAssassin for Windows V1.2.1.15 (HKLM-x32\...\SpamAssassin for Windows_is1) (Version: 1.2.1.15 - JAM Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{0AF37F62-3243-4416-8392-BD0E16874B90}) (Version: 21.00.8480 - Buhl Data Service GmbH)
XnView 1.99.6 (HKLM-x32\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Restore Points =========================
25-05-2014 07:11:01 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
29-05-2014 20:18:11 ComboFix created restore point
30-05-2014 09:35:42 Windows Update
31-05-2014 12:37:04 zoek.exe restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-05-29 22:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {085A41EC-ED0E-4190-897C-80CEF4E216CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {4D2C894F-7729-46FE-AFBC-7588A204E9B7} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {5B5A6FCE-8A5A-4825-BAB0-C5C8975F32D9} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {B8A41010-1E52-49E0-B6D6-5F9A360477E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE30A8B5-FC74-4094-B763-6EAA57330AC4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {C4CB036F-B113-4B21-8DDE-2CEAF8A3B5EE} - System32\Tasks\AdobeAAMUpdater-1.0-PETER-Petro => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe
==================== Loaded Modules (whitelisted) =============
2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-02-26 11:03 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-12-17 15:31 - 2011-09-22 18:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-12-19 04:42 - 2013-12-19 04:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2011-12-17 16:17 - 2011-07-20 15:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-28 03:26 - 2011-06-28 03:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2014-03-02 12:36 - 2014-04-23 15:03 - 01430320 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2011-06-29 16:52 - 2011-06-29 16:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 23:52 - 2010-03-22 23:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 07:20 - 2011-06-25 07:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-28 03:25 - 2011-06-28 03:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-25 07:32 - 2011-06-25 07:32 - 00323136 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 09787184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00035632 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00309040 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00322864 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-03-02 12:34 - 2014-04-23 15:04 - 03807024 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00136496 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 02703152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 02001200 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01929520 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 04321072 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01562928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 05154096 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 01691440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01807152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01626416 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01115440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01329456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01257264 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 07326512 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01285936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01330480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-31 14:50 - 2014-05-31 14:50 - 00043008 _____ () c:\users\petro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwvzfqd.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Petro\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-05 17:49 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2014-02-05 17:49 - 2009-02-27 17:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2012-02-26 11:03 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-02-15 16:52 - 2014-02-15 16:52 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2011-12-22 17:52 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-26 08:30 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-10-15 01:54 - 2011-10-15 01:54 - 00265536 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Petro\Downloads\AlbumArtDownloaderXUI-0.45.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\CalendarPrintAssistant.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\Dropbox 2.4.7(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\Dropbox 2.4.7.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\FreeVideoFlipAndRotate(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\FreeVideoFlipAndRotate.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\iTunes64Setup(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\mp3tagv258setup.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE(2).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setup_dm_Fotowelt.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\SpamAssassinforWindows-Setup.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\spampal1594.exe:BDU
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/31/2014 02:49:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/31/2014 02:51:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BCB3CC02-761B-4C74-8B04-891A31034D19}
Error: (05/31/2014 02:48:04 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst G Data Personal Firewall konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (05/31/2014 02:44:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/31/2014 02:44:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/31/2014 02:44:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/31/2014 02:44:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/31/2014 02:44:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/31/2014 11:18:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (05/31/2014 02:49:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-05-29 22:27:39.916
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-29 22:27:39.854
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 8086.17 MB
Available physical RAM: 5273.77 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 12477.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Programme) (Fixed) (Total:479 GB) (Free:308 GB) NTFS
Drive d: (Lokale Daten) (Fixed) (Total:200 GB) (Free:190.51 GB) NTFS
Drive x: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=479 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=200 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
31.05.2014, 20:55
| #10 |
| /// TB-Ausbilder | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Reboot:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
01.06.2014, 21:28
| #11 |
| | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Hallo, hier folgende Logfiles: die Logdatei von FRST, die Logdatei von SystemLook, die Logdatei von ESET, die Logdatei von SecurityCheck. Habe SecurityCheck ein zweites mal laufen lassen müssen, da ich ds log-file nach dem ersten mal nicht finden konnte. Wegen der Deinstallation: ist es nicht sinnvoll einige Tools zu behalten und diese bei Gelegenheit laufen zu lassen z.B. adaware oder malewarebytes? (also nicht diejenigen mit denen ich/man (nicht umbedingt) Schaden anrichten kann?). Aber dazu ja später.... Danke + Grüße sushi FRST: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014
Ran by Petro at 2014-06-01 15:07:30 Run:1
Running from C:\Users\Petro\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Reboot:
end
*****************
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5601E53-B1EF-4AE2-A744-3855B557F594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5601E53-B1EF-4AE2-A744-3855B557F594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 16:58 on 01/06/2014 by Petro
Administrator - Elevation successful
========== regfind ==========
Searching for "Codec Pack Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayIcon"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallString"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe /Uninstall /NM="Codec Pack Packages" /AN="0D0S1L2Z1P1B0T1P1B2Z" /MBN="Codec Pack Packages""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayName"="Codec Pack Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallerPath"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayIcon"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallString"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe /Uninstall /NM="Codec Pack Packages" /AN="0D0S1L2Z1P1B0T1P1B2Z" /MBN="Codec Pack Packages""
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayName"="Codec Pack Packages"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallerPath"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages"
Searching for "RoyalCoupOnu"
No data found.
Searching for "ParetoLogic"
No data found.
Searching for "Red Sky"
No data found.
Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc. "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
<p>Konvertiere Filmmaterial ganz einfach in DivX-Videos, um sie auf mehr als 1 Milliarde DivX-Geräten wiederzugeben.</p>
<ul>
<li>Erstelle DivX-Videos in hoher Qualität, z. B. DivX HEVC-Videos mit einer Auflösung von bis zu 4K</li>
<li>Passe Deine Codierung mit AviSynth-Unterstützung individuell an</li>
<li>Drehe, kombiniere und füge Untertitel und Audio zu Deinen Videos hinzu</li>
</ul>
<br/>
<p><i>*DivX HEVC-Plugin erforderlich</i></p>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\HEVCCodec]
"Description"="
<p>Hole Dir das kostenlose DivX HEVC-Plugin und erlebe den neuesten Videostandard für Qualität und Komprimierung</p>
<ul>
<li>In DivX Converter, Player und Web Player werden neue DivX HEVC-Profile unterstützt</li>
<li>Erstelle DivX HEVC-Videos mit einer geringeren Dateigröße als bei H.264</li>
<li>Schaue DivX HEVC-Videos an - auf jedem Computer, in Deinem Lieblings-Browser</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
<p>Hochwertige Wiedergabe von DivX, DivX Plus HD und DivX HEVC-Video bis zu 4K</p>
<ul>
<li>Optimiert für die Wiedergabe der beliebtesten Videoformate im Internet</li>
<li>DivX Media Server streamt MKV zur PS3, Xbox und anderen Geräten</li>
<li>Experimenteller DLNA-Controller für die Wiedergabe von DivX-Videos auf lokalen Geräten</li>
</ul>
<br/>
<p><i>*DivX HEVC-Plugin erforderlich</i></p>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
<p>Spiele, erstelle und streame DivX-Videos in hoher Qualität, z. B. HEVC* mit einer Auflösung von bis zu 4K. Das beste DivX Video-Erlebnis erhältst Du, <i>wenn Du alle Komponenten installierst.</i></p>
<!-- Leave the 1st <p> tag line, because it is used on other installer page. -->
<p>Eine neue Version der DivX-Software (10.2) ist verfügbar. Vollständige Liste der <a href="hxxp://go.divx.com/WhatsNew/de" target="_blank">Neuheiten</a>:</p>
<ul>
<li>verbesserter DivX HEVC-Decoder</li>
<li>neue Architektur zur Codec-Verteilung</li>
<li>Problem durch zufällige Abstürze bei DivX Media Server behoben</li>
<li>DivX Codec Pack-Option aus Hauptpaket entfernt</li>
<li>weitere Fehlerbereinigungen</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
<ul>
<li>Das DivX VOD-Plug-in sorgt für besseres Erlebnis für Kunden, die Filme von DivX VOD - Shops beziehen.</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
<p>Effizientes, reibungsloses MKV-Streaming in Deinem Browser</p>
<ul>
<li>Adaptives Bitrate-Streaming mit experimenteller Unterstützung für DivX HEVC*-Streams</li>
<li>Problemlose Wiedergabe des FF/RW-Formats, Abschnittsmarkierungen, Unterstützung mehrerer Untertitel und Tonspuren</li>
<li>Weniger CPU- und Akkuverbrauch mit H.264-DXVA-Hardwarebeschleunigung</li>
</ul>
<br/>
<p><i>*DivX HEVC-Plugin erforderlich</i></p>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc. "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1 "
-= EOF =-
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=4325ea3c3eb24342b12d0ebf1a624ff4
# engine=18501
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-01 03:47:44
# local_time=2014-06-01 05:47:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 115651 153267514 0 0
# scanned=64953
# found=2
# cleaned=0
# scan_time=1885
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petro\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
Code:
ATTFilter en Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
G Data InternetSecurity
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader 10.1.10 Adobe Reader out of Date!
Mozilla Firefox (29.0.1)
Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
G Data InternetSecurity Firewall GDFirewallTray.exe
G Data InternetSecurity Firewall GDFwSvcx64.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
hier die fehlenden logfiles. Kann es sein, daß ich Dir soeben aus Versehen direkt geantwortet habe?... Hier also nochmal die restlichen logfiles. Mußte Security check 2x laufen lassen, da ich das logfile nicht finden konnte. die Logdatei von FRST, die Logdatei von SystemLook, die Logdatei von ESET, die Logdatei von SecurityCheck. FRST: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014
Ran by Petro at 2014-06-01 15:07:30 Run:1
Running from C:\Users\Petro\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Reboot:
end
*****************
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5601E53-B1EF-4AE2-A744-3855B557F594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5601E53-B1EF-4AE2-A744-3855B557F594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 16:58 on 01/06/2014 by Petro
Administrator - Elevation successful
========== regfind ==========
Searching for "Codec Pack Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayIcon"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallString"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe /Uninstall /NM="Codec Pack Packages" /AN="0D0S1L2Z1P1B0T1P1B2Z" /MBN="Codec Pack Packages""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayName"="Codec Pack Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallerPath"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayIcon"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallString"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe /Uninstall /NM="Codec Pack Packages" /AN="0D0S1L2Z1P1B0T1P1B2Z" /MBN="Codec Pack Packages""
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayName"="Codec Pack Packages"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallerPath"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages"
Searching for "RoyalCoupOnu"
No data found.
Searching for "ParetoLogic"
No data found.
Searching for "Red Sky"
No data found.
Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc. "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
<p>Konvertiere Filmmaterial ganz einfach in DivX-Videos, um sie auf mehr als 1 Milliarde DivX-Geräten wiederzugeben.</p>
<ul>
<li>Erstelle DivX-Videos in hoher Qualität, z. B. DivX HEVC-Videos mit einer Auflösung von bis zu 4K</li>
<li>Passe Deine Codierung mit AviSynth-Unterstützung individuell an</li>
<li>Drehe, kombiniere und füge Untertitel und Audio zu Deinen Videos hinzu</li>
</ul>
<br/>
<p><i>*DivX HEVC-Plugin erforderlich</i></p>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\HEVCCodec]
"Description"="
<p>Hole Dir das kostenlose DivX HEVC-Plugin und erlebe den neuesten Videostandard für Qualität und Komprimierung</p>
<ul>
<li>In DivX Converter, Player und Web Player werden neue DivX HEVC-Profile unterstützt</li>
<li>Erstelle DivX HEVC-Videos mit einer geringeren Dateigröße als bei H.264</li>
<li>Schaue DivX HEVC-Videos an - auf jedem Computer, in Deinem Lieblings-Browser</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
<p>Hochwertige Wiedergabe von DivX, DivX Plus HD und DivX HEVC-Video bis zu 4K</p>
<ul>
<li>Optimiert für die Wiedergabe der beliebtesten Videoformate im Internet</li>
<li>DivX Media Server streamt MKV zur PS3, Xbox und anderen Geräten</li>
<li>Experimenteller DLNA-Controller für die Wiedergabe von DivX-Videos auf lokalen Geräten</li>
</ul>
<br/>
<p><i>*DivX HEVC-Plugin erforderlich</i></p>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
<p>Spiele, erstelle und streame DivX-Videos in hoher Qualität, z. B. HEVC* mit einer Auflösung von bis zu 4K. Das beste DivX Video-Erlebnis erhältst Du, <i>wenn Du alle Komponenten installierst.</i></p>
<!-- Leave the 1st <p> tag line, because it is used on other installer page. -->
<p>Eine neue Version der DivX-Software (10.2) ist verfügbar. Vollständige Liste der <a href="hxxp://go.divx.com/WhatsNew/de" target="_blank">Neuheiten</a>:</p>
<ul>
<li>verbesserter DivX HEVC-Decoder</li>
<li>neue Architektur zur Codec-Verteilung</li>
<li>Problem durch zufällige Abstürze bei DivX Media Server behoben</li>
<li>DivX Codec Pack-Option aus Hauptpaket entfernt</li>
<li>weitere Fehlerbereinigungen</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
<ul>
<li>Das DivX VOD-Plug-in sorgt für besseres Erlebnis für Kunden, die Filme von DivX VOD - Shops beziehen.</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
<p>Effizientes, reibungsloses MKV-Streaming in Deinem Browser</p>
<ul>
<li>Adaptives Bitrate-Streaming mit experimenteller Unterstützung für DivX HEVC*-Streams</li>
<li>Problemlose Wiedergabe des FF/RW-Formats, Abschnittsmarkierungen, Unterstützung mehrerer Untertitel und Tonspuren</li>
<li>Weniger CPU- und Akkuverbrauch mit H.264-DXVA-Hardwarebeschleunigung</li>
</ul>
<br/>
<p><i>*DivX HEVC-Plugin erforderlich</i></p>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc. "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1 "
-= EOF =-
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=4325ea3c3eb24342b12d0ebf1a624ff4
# engine=18501
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-01 03:47:44
# local_time=2014-06-01 05:47:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 115651 153267514 0 0
# scanned=64953
# found=2
# cleaned=0
# scan_time=1885
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petro\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
Code:
ATTFilter en Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
G Data InternetSecurity
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader 10.1.10 Adobe Reader out of Date!
Mozilla Firefox (29.0.1)
Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
G Data InternetSecurity Firewall GDFirewallTray.exe
G Data InternetSecurity Firewall GDFwSvcx64.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
02.06.2014, 14:28
| #12 |
| /// TB-Ausbilder | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Reste entfernen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages" /f
Reboot:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren. Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren. Deinstalliere die folgenden Programme von deinem Rechner:
Downloade und installiere dir bitte nun:Starte deinen Rechner nach der Installation neu auf. Schritt 2 Die Reihenfolge ist hier entscheidend.
Schritt 3 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
05.06.2014, 15:54
| #13 |
| /// TB-Ausbilder | Win 7: Selbständige Internetseiten und Umleitung auf Werbung Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu Win 7: Selbständige Internetseiten und Umleitung auf Werbung |
| antivirus, association, bonjour, browser, desktop, device driver, downloader, dsl, dvdvideosoft ltd., error, excel, firefox, flash player, home, homepage, mozilla, newtab, realtek, registry, safer networking, scan, security, software, svchost.exe, system, usb, vista, werbung, windows, wiso |
Linear-Darstellung
