Log analysis and evaluation: Windows 7 suddenly slow, hard disk reformatted, many Malwarebytes detections
07.08.2014, 19:13 | #1 |
Hello everyone,

I have the following problem: the evening before last I switched on my PC and it took forever to boot. When it had finally booted, a partition of a data disk was suddenly unformatted (RAW). It could not be opened and could not be reformatted either. After the virus scanner, which found nothing (Avira), I ran Malwarebytes, which had about 90 detections. I moved all of them into quarantine. Today the disk could be formatted, which also got rid of the slowness (I did not understand that), but the uneasy feeling about the malware remains. Then I came across this forum and dutifully did everything the to-do list says to do. Maybe someone here knows something about this. I am including the log files:

GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-07 19:54:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 SAMSUNG_SSD_830_Series rev.CXM03B1Q 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Max\AppData\Local\Temp\ufldypow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ff9000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff80002ff9042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077da1465 2 bytes [DA, 77]
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077da14bb 2 bytes [DA, 77]
.text ... * 2
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077da1465 2 bytes [DA, 77]
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077da14bb 2 bytes [DA, 77]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2408] entry point in ".rdata" section 00000000718371e6
.text C:\Users\Max\AppData\Local\Akamai\netsession_win.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077da1465 2 bytes [DA, 77]
.text C:\Users\Max\AppData\Local\Akamai\netsession_win.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077da14bb 2 bytes [DA, 77]
.text ... * 2
.text C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe[2912] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077da1465 2 bytes [DA, 77]
.text C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe[2912] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000077da14bb 2 bytes [DA, 77]
.text ... * 2
.text C:\Users\Max\AppData\Local\Akamai\netsession_win.exe[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077da1465 2 bytes [DA, 77]
.text C:\Users\Max\AppData\Local\Akamai\netsession_win.exe[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077da14bb 2 bytes [DA, 77]
.text ... * 2
.text C:\Users\Max\Downloads\Defogger.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077da1465 2 bytes [DA, 77]
.text C:\Users\Max\Downloads\Defogger.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077da14bb 2 bytes [DA, 77]
.text ... * 2

---- Processes - GMER 2.1 ----

Library C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2476] (Copy Shell Extensions/Barracuda Networks, Inc.)(2014-03-12 06:46:22) 000007fef6400000
Library C:\Users\Max\AppData\Roaming\Copy\overlay\Brt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2476](2014-03-12 06:46:22) 000007fef4780000
Library C:\Users\Max\AppData\Roaming\Copy\Gui.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880](2014-02-04 14:27:02) 000007fef1180000
Library C:\Users\Max\AppData\Roaming\Copy\Brt.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880](2014-02-04 14:43:24) 000007feef500000
Library C:\Users\Max\AppData\Roaming\Copy\QtCore4.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-08-05 22:47:16) 000000006fe40000
Library C:\Users\Max\AppData\Roaming\Copy\QtGui4.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-08-05 22:47:16) 000000006f4b0000
Library C:\Users\Max\AppData\Roaming\Copy\AgentSync.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880](2014-02-0 000007feeea50000
Library C:\Users\Max\AppData\Roaming\Copy\CloudSync.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880](2014-02-0 000007feee4e0000
Library C:\Users\Max\AppData\Roaming\Copy\imageformats\qjpeg4.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-08-05 22:47:50) 000007feed170000
Library C:\Users\Max\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe [2912](2014-07-21 20:53:38) 00000000040a0000
Library c:\users\max\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprdpjlr.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe [2912](2014-08-07 17:09:36) 00000000044e0000
Library C:\Users\Max\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe [2912](2013-10-18 23:55:02) 000000006b270000
Library C:\Users\Max\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe [2912] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000006d960000

---- EOF - GMER 2.1 ----

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Max (administrator) on MAX-PC on 07-08-2014 19:42:54
Running from C:\Users\Max\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Barracuda Networks, Inc.) C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe
(Dropbox, Inc.) C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Max\Downloads\Defogger.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [SkyDrive] => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-06] (Microsoft Corporation)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SkyDrive] => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-06] (Microsoft Corporation)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x91CEEDA11709CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\user.js
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\ich@maltegoetz.de [2014-07-09]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\sparpilot@sparpilot.com [2014-08-07]
FF Extension: DownloadHelper - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: ImageHost Grabber - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2013-02-12]
FF Extension: WEB.DE MailCheck - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\toolbar@web.de.xpi [2014-08-07]
FF Extension: Google Translator for Firefox - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\translator@zoli.bod.xpi [2013-02-12]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-12]
FF Extension: Tab Mix Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-12]
FF Extension: DownThemAll! - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-07-30]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Max\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [110952 2012-09-27] (Yamaha Corporation)
S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X]
S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 19:42 - 2014-08-07 19:43 - 00018979 _____ () C:\Users\Max\Downloads\FRST.txt
2014-08-07 19:42 - 2014-08-07 19:42 - 02094080 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-08-07 19:42 - 2014-08-07 19:42 - 00000000 ____D () C:\FRST
2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log
2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable
2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe
2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv
2014-08-07 18:40 - 2014-08-07 18:42 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv
2014-08-07 18:39 - 2014-08-07 18:39 - 00001038 _____ () C:\Users\Public\Desktop\MozBackup.lnk
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-08-07 18:38 - 2014-08-07 18:38 - 01101648 _____ () C:\Users\Max\Downloads\MozBackup - CHIP-Installer.exe
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239
2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_
2014-08-07 18:30 - 2014-08-07 18:30 - 00000110 ___RH () C:\Users\Max\Downloads\Stinger.opt
2014-08-07 18:20 - 2014-08-07 18:30 - 00000000 ____D () C:\Program Files\stinger
2014-08-07 18:20 - 2014-08-07 18:24 - 00000858 _____ () C:\Users\Max\Downloads\Stinger_07082014_182019.html
2014-08-07 18:19 - 2014-08-07 18:19 - 12353896 _____ (McAfee Inc) C:\Users\Max\Downloads\stinger64_CB-DL-Manager [1].exe
2014-08-07 18:19 - 2014-08-07 18:19 - 00787392 _____ ( ) C:\Users\Max\Downloads\stinger64_CB-DL-Manager.exe
2014-08-07 07:23 - 2014-08-07 19:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 07:23 - 2014-08-07 07:23 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-07 07:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 07:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8
2014-08-06 23:37 - 2014-08-07 18:31 - 00000183 _____ () C:\Users\Max\Desktop\Amazon.de.url
2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a
2014-08-06 23:36 - 2014-08-06 23:36 - 01035152 _____ () C:\Users\Max\Downloads\HDD-Low-Level-Format-Tool-lnstall.exe
2014-08-06 23:09 - 2014-08-06 23:09 - 00000000 ____D () C:\Users\Max\Downloads\testdisk-7.0-WIP
2014-08-06 23:08 - 2014-08-06 23:09 - 09868751 _____ () C:\Users\Max\Downloads\testdisk-7.0-WIP.win64.zip
2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000809 _____ () C:\Users\Max\Desktop\In Depth Latency Tests.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon
2014-08-03 09:46 - 2013-10-21 12:26 - 00025504 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2014-08-01 07:15 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 07:15 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 07:15 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 07:15 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 07:15 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 07:15 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 07:15 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 07:15 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 07:15 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg
2014-07-30 07:54 - 2014-08-07 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-25 19:16 - 2014-07-25 19:16 - 00000000 ____D () C:\Users\Max\Downloads\Euthymia_Electronic_Organ
2014-07-25 19:08 - 2014-07-27 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-23 21:52 - 2014-07-23 22:25 - 00000000 ____D () C:\Users\Max\Downloads\Cubase Elements 7
2014-07-09 07:25 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 07:25 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 07:25 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:25 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 07:25 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 07:25 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:25 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 07:25 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 07:25 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 07:25 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 07:25 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 07:25 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 07:25 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 07:25 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 07:25 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 07:25 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 07:25 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 07:25 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 07:25 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:25 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 07:25 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 07:25 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 07:25 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:25 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:25 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:25 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 07:25 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 07:25 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 07:25 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 07:25 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 07:25 - 2014-06-19 01:33 - 00631808
_____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 07:25 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 07:25 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 07:25 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 07:25 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 07:25 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 07:25 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 07:25 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 07:25 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 07:25 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 07:25 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 07:25 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 07:25 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 07:25 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 07:25 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 07:25 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 07:25 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 07:25 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 07:25 - 2014-06-19 00:46 - 01068032 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 07:25 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 07:25 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 07:25 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 07:25 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 07:25 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 07:25 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 07:25 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 07:25 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 07:25 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 07:25 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 07:25 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 07:25 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 07:25 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 07:25 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 07:25 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-09 07:25 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-07 19:43 - 2014-08-07 19:42 - 00018979 _____ () C:\Users\Max\Downloads\FRST.txt 2014-08-07 19:42 - 2014-08-07 19:42 - 02094080 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe 2014-08-07 19:42 - 2014-08-07 19:42 - 00000000 ____D () C:\FRST 2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log 2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable 2014-08-07 19:39 - 2013-02-12 13:34 - 00000000 ____D () C:\Users\Max 2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe 2014-08-07 19:31 - 2014-05-26 07:29 - 00005118 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Max-PC-Max Max-PC 2014-08-07 19:19 - 2014-08-07 07:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-07 19:18 - 2014-07-30 07:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-07 19:18 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-07 19:18 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-07 19:16 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat 2014-08-07 19:16 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat 2014-08-07 19:16 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-07 19:14 - 2013-02-12 13:30 - 01978306 _____ () C:\Windows\WindowsUpdate.log 2014-08-07 19:10 - 2014-03-12 08:46 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Copy 2014-08-07 19:10 - 2013-02-12 14:39 - 00000000 ___RD () C:\Users\Max\Dropbox 2014-08-07 19:10 - 2013-02-12 14:38 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Dropbox 2014-08-07 19:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-07 19:09 - 2009-07-14 
06:51 - 00131116 _____ () C:\Windows\setupact.log 2014-08-07 18:53 - 2013-02-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-07 18:49 - 2013-02-12 15:07 - 00000000 ____D () C:\Users\Max\Downloads\JDownloader 2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv 2014-08-07 18:42 - 2014-08-07 18:40 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv 2014-08-07 18:39 - 2014-08-07 18:39 - 00001038 _____ () C:\Users\Public\Desktop\MozBackup.lnk 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup 2014-08-07 18:38 - 2014-08-07 18:38 - 01101648 _____ () C:\Users\Max\Downloads\MozBackup - CHIP-Installer.exe 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239 2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_ 2014-08-07 18:31 - 2014-08-06 23:37 - 00000183 _____ () C:\Users\Max\Desktop\Amazon.de.url 2014-08-07 18:30 - 2014-08-07 18:30 - 00000110 ___RH () C:\Users\Max\Downloads\Stinger.opt 2014-08-07 18:30 - 2014-08-07 18:20 - 00000000 ____D () C:\Program Files\stinger 2014-08-07 18:24 - 2014-08-07 18:20 - 00000858 _____ () C:\Users\Max\Downloads\Stinger_07082014_182019.html 2014-08-07 18:19 - 2014-08-07 18:19 - 12353896 _____ (McAfee Inc) C:\Users\Max\Downloads\stinger64_CB-DL-Manager [1].exe 2014-08-07 18:19 - 2014-08-07 18:19 - 00787392 _____ ( ) C:\Users\Max\Downloads\stinger64_CB-DL-Manager.exe 2014-08-07 18:13 - 2013-02-12 14:57 - 00093034 _____ () 
C:\Windows\PFRO.log 2014-08-07 07:23 - 2014-08-07 07:23 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Malwarebytes 2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-06 23:45 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8 2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a 2014-08-06 23:36 - 2014-08-06 23:36 - 01035152 _____ () C:\Users\Max\Downloads\HDD-Low-Level-Format-Tool-lnstall.exe 2014-08-06 23:26 - 2013-12-20 15:05 - 13144064 _____ () C:\Users\Max\AppData\Roaming\Sandra.mdb 2014-08-06 23:09 - 2014-08-06 23:09 - 00000000 ____D () C:\Users\Max\Downloads\testdisk-7.0-WIP 2014-08-06 23:09 - 2014-08-06 23:08 - 09868751 _____ () C:\Users\Max\Downloads\testdisk-7.0-WIP.win64.zip 2014-08-06 22:45 - 2014-03-06 00:18 - 00000000 ___RD () C:\Users\Max\OneDrive 2014-08-06 22:45 - 2014-03-06 00:17 - 00002198 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-08-06 07:51 - 2013-02-13 11:30 - 00000000 ____D () C:\Users\Max\AppData\Roaming\vlc 2014-08-06 07:34 - 2013-02-12 15:06 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-08-05 07:29 - 2013-02-14 16:46 - 00000000 ____D () C:\Users\Max\Downloads\Musik 2014-08-03 09:46 - 
2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk 2014-08-03 09:46 - 2014-08-03 09:46 - 00000809 _____ () C:\Users\Max\Desktop\In Depth Latency Tests.lnk 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon 2014-08-01 17:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-30 22:23 - 2013-02-12 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information 2014-07-27 20:20 - 2014-07-25 19:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-27 20:20 - 2014-05-01 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak 2014-07-27 19:38 - 2013-03-04 13:17 - 00000000 ____D () C:\Users\Max\Downloads\ihg 2014-07-25 19:16 - 2014-07-25 19:16 - 00000000 ____D () C:\Users\Max\Downloads\Euthymia_Electronic_Organ 2014-07-24 16:18 - 2013-05-08 07:13 - 00042040 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-23 23:38 - 2013-04-13 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-23 22:25 - 2014-07-23 21:52 - 00000000 ____D () C:\Users\Max\Downloads\Cubase Elements 7 2014-07-23 21:13 - 2013-02-12 14:39 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-22 07:21 - 2014-07-05 15:43 - 00000000 ____D () C:\Users\Max\AppData\Local\Adobe 2014-07-09 17:45 - 2009-07-14 06:45 - 03056904 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 17:44 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 08:17 - 2013-08-14 08:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 08:16 - 2013-02-13 17:53 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-08 22:53 - 2013-02-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-08 22:53 - 2013-02-13 11:58 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-08 22:53 - 2013-02-13 11:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Max\AppData\Local\Temp\amazonicon_v8.exe C:\Users\Max\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Max\AppData\Local\Temp\AskSLib.dll C:\Users\Max\AppData\Local\Temp\avgnt.exe C:\Users\Max\AppData\Local\Temp\drm_dyndata_7390005.dll C:\Users\Max\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprdpjlr.dll C:\Users\Max\AppData\Local\Temp\FoxySecurity_6.2_GIGA_FF_IE_Setup.exe C:\Users\Max\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe C:\Users\Max\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe 
C:\Users\Max\AppData\Local\Temp\HDDLLFsetup.4.12.exe
C:\Users\Max\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Max\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Max\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Max\AppData\Local\Temp\sdapskill.exe
C:\Users\Max\AppData\Local\Temp\sdaspwn.exe
C:\Users\Max\AppData\Local\Temp\uninst1.exe
C:\Users\Max\AppData\Local\Temp\uninstall.exe
C:\Users\Max\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 21:15

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Max at 2014-08-07 19:43:13
Running from C:\Users\Max\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe After Effects CS4 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Template Projects & Footage (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Production Premium (HKLM-x32\...\Adobe_36ac9dc8c9a94feb9e5886810012e78) (Version: 4.0 - Adobe Systems Incorporated) Adobe Creative Suite 4 Production Premium (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CS4 American English Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CS4 French Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CS4 German Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CS4 International English Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CS4 Italian Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CS4 Japanese Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CS4 Korean Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CS4 Spanish Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe Encore CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe 
Systems Incorporated) Hidden Adobe Encore CS4 Library (x32 Version: 4 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden Adobe Flash CS4 STI-other (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Dolby (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe MotionPicture Color Files CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe OnLocation CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden Adobe Output Module (x32 
Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS4 Functional Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Soundbooth CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe Version Cue CS4 Server (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Akamai NetSession 
Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) ALDI Bestellsoftware 4.13 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.13 - ORWO Net) AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2210 - Brother Industries, Ltd.) Brother P-touch Update Software (HKLM-x32\...\{42036760-2DA4-43C4-A48A-9F90A0F1FA0E}) (Version: 1.0.0060 - Brother Industries, Ltd.) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - ) Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - ) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Copy (HKLM\...\{664279F5-676C-47F5-BCAE-736A4689980D}) (Version: 1.42.277.0 - Barracuda Networks, Inc.) DigiTech RP350 ASIO (remove only) (HKLM-x32\...\DigiTech RP350 driver) (Version: - ) DigiTech X-Edit 2.3.1 (HKLM-x32\...\{2FEAEADA-1FBF-434D-8EE0-D136F5D21E75}) (Version: 2.3.1.2 - DigiTech) Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.) Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) DVDFab 8.2.2.7 (06/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.) eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2138 - Steinberg Media Technologies GmbH) EZdrummer Lite Edition 64 bit (HKLM\...\{3EE0A883-703C-44E1-B1E2-899E541B35F6}) (Version: 1.3.1 - Toontrack) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) FreeFileSync 5.12 (HKLM-x32\...\FreeFileSync) (Version: 5.12 - Zenju) Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.) 
MAGIX Analogue Modelling Suite Plus (HKLM\...\MX.{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Analogue Modelling Suite Plus (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Burn routines (64-Bit) (HKLM\...\{49146694-5F5F-4B1F-AD15-6587F47A0FD7}) (Version: 9.0.0.212 - MAGIX AG) MAGIX Burn routines (HKLM\...\{A64B679B-E591-4C74-B74A-147E0CCEDCE4}) (Version: 11.0.0.238 - MAGIX Software GmbH) MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX essentialFX Suite (HKLM\...\MX.{CB7B17F4-3833-4699-890B-52C5D0AB926D}) (Version: 1.0.0.0 - MAGIX AG) MAGIX essentialFX Suite (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Independence Libraries Common Files (HKLM\...\MX.{34563DEE-79CD-4E2B-B41B-41A81B8188F0}) (Version: 3.2.0.0 - MAGIX AG) MAGIX Independence Libraries Common Files (Version: 3.2.0.0 - MAGIX AG) Hidden MAGIX Independence Pro 3.2 VST-Plugins (HKLM\...\MX.{CE4E2B9B-9D8C-4857-8BD5-230CE6E24A3B}) (Version: 3.2.0.0 - MAGIX AG) MAGIX Independence Pro 3.2 VST-Plugins (Version: 3.2.0.0 - MAGIX AG) Hidden MAGIX Independence Pro Software Suite 3.2 (HKLM-x32\...\MX.{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.2.0.91 - MAGIX AG) MAGIX Independence Pro Software Suite 3.2 (Version: 3.2.0.91 - MAGIX AG) Hidden MAGIX Low Latency Driver (64-Bit) (HKLM\...\{42976FDB-5756-4077-A491-095F228E99E2}) (Version: 2.10.2011.0 - MAGIX AG) MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{7A5D8D42-3688-47B3-B5BA-923B1DDFAA2B}) (Version: 20.0.0.28 - MAGIX AG) MAGIX Music Maker 2014 Premium (Version: 20.0.0.28 - MAGIX AG) Hidden MAGIX Music Maker 2014 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker 2014 Premium Update (Version: 20.0.3.45 - MAGIX AG) Hidden MAGIX Music Maker 2014 Premium Update (Version: 20.0.4.49 - MAGIX AG) Hidden MAGIX Music Maker 2014 Premium Update (Version: 20.0.5.56 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2014 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX 
Music Studio 2 (HKLM-x32\...\MX.{B0A66D5D-A76E-4E9C-82F0-97211F0D0A66}) (Version: 20.0.0.10 - MAGIX AG) MAGIX Music Studio 2 (Version: 20.0.0.10 - MAGIX AG) Hidden Magix Music Studio 2 Update (Version: 20.0.2.16 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{CE49B99B-D42B-4F25-801A-5AA719CDA823}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Vandal VST-PlugIn (HKLM\...\MX.{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Vandal VST-PlugIn (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX VariVerb II VST-PlugIn (HKLM\...\MX.{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX AG) MAGIX VariVerb II VST-PlugIn (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Vintage Effects Suite (HKLM\...\MX.{48978B41-9CD5-4274-9519-B622DD89727D}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Vintage Effects Suite (Version: 1.0.0.0 - MAGIX AG) Hidden MailStore Home 7.1.0.7815 (HKLM-x32\...\MailStore Home_universal1) (Version: 7.1.0.7815 - MailStore Software GmbH) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation) Microsoft Outlook 2013 - de-de (HKLM\...\OutlookRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) 
(HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MusicBee 2.0 (HKLM-x32\...\MusicBee) (Version: 2.0 - Steven Mayall) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) NVIDIA PhysX (HKLM-x32\...\{506DDFBE-983F-4BC3-84B8-65F423B2D798}) (Version: 9.09.0209 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Outlook Backup Assistant 7 (Testversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7.0 - Priotecs IT GmbH) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.3 - CEWE Stiftung u Co. 
KGaA) PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line) RippMe (HKLM-x32\...\{D5E3232E-BE61-45FA-96BB-700349EFF048}) (Version: 3.04 - Lindy) Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.40.0.0 - Ascaron Entertainment) Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{A7825894-390D-4BBB-9EDC-C829F8B2C271}) (Version: 12.0.2.115 - MAGIX AG) Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (HKLM-x32\...\{DA120551-51CE-3195-8F9E-93D822F61597}) (Version: 1.3.0.0 - MAGIX AG) Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (HKLM-x32\...\{E80D368A-7860-33B0-AD3C-4C94D8023141}) (Version: 1.3.0.0 - MAGIX AG) Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (HKLM-x32\...\{D1B56A67-E132-39BB-8250-BE265061B712}) (Version: 1.0.0.0 - MAGIX AG) Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.) Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) 
Hidden SiSoftware Sandra Lite 2013.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.29.2013.3 - SiSoftware) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Steinberg Cubase LE 4 (HKLM-x32\...\{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}) (Version: 4.0.3.2233 - Steinberg Media Technologies GmbH) Steinberg Cubase LE AI Elements 7 64bit (HKLM\...\{67E7C608-D0EA-4273-B374-50ABE42FBE08}) (Version: 7.0.5 - Steinberg Media Technologies GmbH) Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH) Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH) Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.6.3 - Steinberg Media Technologies GmbH) Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH) Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH) Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH) Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Syncrosoft Lizenz Kontrolle (HKLM-x32\...\Syncrosoft License Control) (Version: - SIA Syncrosoft) 
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) Toontrack solo 64 bit (HKLM\...\{FA9D0D8C-FDD1-45C2-8291-079FBA72D2CB}) (Version: 1.3.1 - Toontrack) Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) VidCoder 1.3.4 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.3.4 - RandomEngy) Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Drum Engine (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Electric Piano (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Electric Piano Update (Version: 1.0.2.0 - MAGIX AG) Hidden Vita Jazz Drums (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Pop Brass (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Power Guitar (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Vintage Organ (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Vintage Organ Update (Version: 1.0.1.0 - MAGIX AG) Hidden VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WiMP 2.5.0 (HKLM-x32\...\com.aspiro.wimp.de.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1) (Version: 2.5.0 - Aspiro AS) WiMP 2.5.0 (x32 Version: 2.5.0 - Aspiro AS) Hidden WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{BD21DB89-00D4-4D6D-9614-E35A5DE792C6}) (Version: 1.7.1 - Yamaha Corporation) Yamaha Steinberg USB Driver (Version: 1.7.1 - Yamaha Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{6295A54D-BD2A-4CF7-A288-62B0D91F7879}\InprocServer32 -> C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader64.dll () CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{743035C6-FA33-39DF-A741-34A81649705C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{E3DF3DC0-3869-3CF6-9638-ACE5BFCF8341}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{E444D266-68C3-4748-91FC-49A65C606776}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll No File CustomCLSID: 
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 22-07-2014 20:22:38 Windows Update 23-07-2014 21:36:55 Windows Update 28-07-2014 19:45:41 Installiert Yamaha Steinberg USB Driver 29-07-2014 20:26:22 Windows Update 01-08-2014 05:15:15 Windows Update 02-08-2014 04:12:46 Windows Update 06-08-2014 05:18:24 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {123B44FD-9C7A-46D5-98FF-B6FF20D67870} - System32\Tasks\ShouldIRemoveIt => C:\Users\Max\AppData\Roaming\Reason\Should I Remove It\ShouldIRemoveIt.exe [2013-02-08] (Reason Software Company Inc.) Task: {1B7A9B73-03FB-4771-9EE8-F688E2B15095} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-19] (Microsoft Corporation) Task: {27F2EFCA-EF48-4CDD-A9FD-135FB62E61DF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation) Task: {91C0971E-5FB1-45E4-853E-11532EF256C9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Max-PC-Max Max-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation) Task: {A830CE69-F3FF-47F5-9AFD-6D42790EF177} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-19] (Microsoft Corporation) Task: {B1084A38-5AD0-4DC3-817C-07B135AC267F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems 
Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-16 08:13 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-03-12 08:46 - 2014-06-12 07:29 - 08212480 _____ () C:\Users\Max\AppData\Roaming\Copy\overlay\Brt.dll 2014-02-04 16:27 - 2014-08-04 21:13 - 02092544 _____ () C:\Users\Max\AppData\Roaming\Copy\Gui.dll 2014-02-04 16:43 - 2014-08-04 21:13 - 08212480 _____ () C:\Users\Max\AppData\Roaming\Copy\Brt.dll 2014-02-04 16:29 - 2014-08-04 21:13 - 09222656 _____ () C:\Users\Max\AppData\Roaming\Copy\AgentSync.dll 2014-02-04 16:27 - 2014-08-04 21:13 - 05329920 _____ () C:\Users\Max\AppData\Roaming\Copy\CloudSync.dll 2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe 2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-07 19:09 - 2014-08-07 19:09 - 00043008 _____ () c:\users\max\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprdpjlr.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Max\AppData\Roaming\Dropbox\bin\libcef.dll 2014-07-30 07:54 - 2014-07-30 07:54 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Max^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent ==================== Faulty Device Manager Devices ============= Name: AMD High Definition Audio Device Description: AMD High Definition Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Advanced Micro Devices Service: AtiHDAudioService Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: High Definition Audio-Gerät Description: High Definition Audio-Gerät Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HdAudAddService Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/07/2014 07:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9e4 Startzeit: 01cfb25a918d3b46 Endzeit: 12964 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 75d7fbee-1e54-11e4-9b47-e0cb4e197ea5 Error: (08/07/2014 07:42:51 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm sidebar.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 874 Startzeit: 01cfb2024d03a44d Endzeit: 0 Anwendungspfad: C:\Program Files\Windows Sidebar\sidebar.exe Berichts-ID: 9111a705-1df5-11e4-8aca-e0cb4e197ea5 Error: (08/06/2014 10:48:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm explorer.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 5f0 Startzeit: 01cfb1b750b2f796 Endzeit: 18237 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: fa621d46-1daa-11e4-bce2-e0cb4e197ea5 Error: (08/06/2014 10:37:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 978 Startzeit: 01cfb1b5e459c325 Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 6bf39194-1da9-11e4-8238-e0cb4e197ea5 Error: (08/04/2014 10:35:11 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (08/03/2014 10:03:42 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (08/02/2014 03:28:10 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (08/01/2014 05:29:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (07/31/2014 08:27:47 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. 
Error: (07/30/2014 08:26:50 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. System errors: ============= Error: (08/07/2014 07:10:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet. Error: (08/07/2014 06:46:38 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (08/07/2014 06:34:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "Hub Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (08/07/2014 06:20:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/07/2014 06:20:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/07/2014 06:19:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Search" wurde nicht richtig gestartet. Error: (08/07/2014 06:15:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Server" wurde nicht richtig gestartet. Error: (08/07/2014 06:11:27 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Error: (08/07/2014 07:45:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Search" wurde nicht richtig gestartet. Error: (08/07/2014 07:41:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Server" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (08/07/2014 07:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.175149e401cfb25a918d3b4612964C:\Windows\Explorer.EXE75d7fbee-1e54-11e4-9b47-e0cb4e197ea5 Error: (08/07/2014 07:42:51 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: sidebar.exe6.1.7601.1751487401cfb2024d03a44d0C:\Program Files\Windows Sidebar\sidebar.exe9111a705-1df5-11e4-8aca-e0cb4e197ea5 Error: (08/06/2014 10:48:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.1.7601.175145f001cfb1b750b2f79618237C:\Windows\explorer.exefa621d46-1daa-11e4-bce2-e0cb4e197ea5 Error: (08/06/2014 10:37:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.1751497801cfb1b5e459c3250C:\Windows\Explorer.EXE6bf39194-1da9-11e4-8238-e0cb4e197ea5 Error: (08/04/2014 10:35:11 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2 Error: (08/03/2014 10:03:42 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2 Error: (08/02/2014 03:28:10 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2 Error: (08/01/2014 05:29:07 PM) (Source: SideBySide) (EventID: 
9) (User: ) Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2 Error: (07/31/2014 08:27:47 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2 Error: (07/30/2014 08:26:50 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2 ==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 6135.11 MB Available physical RAM: 3798.9 MB Total Pagefile: 12268.41 MB Available Pagefile: 9775.34 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:238.47 GB) (Free:70.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:465.76 GB) (Free:465.62 GB) NTFS Drive e: (Backup) (Fixed) (Total:488.28 GB) (Free:254.52 GB) NTFS Drive f: (Filme) (Fixed) (Total:465.75 GB) (Free:74.64 GB) NTFS Drive g: (Stuff) (Fixed) (Total:443.23 GB) (Free:122.7 GB) NTFS Drive h: (Storage) (Fixed) (Total:931.51 GB) (Free:302.5 GB) NTFS Drive i: (YE968B0) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 28A1826A) Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E1331ECC) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: 
Windows 7 or 8) (Size: 932 GB) (Disk ID: E1331ECD) Partition 1: (Not Active) - (Size=488 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1D86F4CE) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================
So, that should be everything. Thank you very, very much for the help! Regards and have a nice evening, Max
07.08.2014, 19:40 | #2 |
/// the machine /// TB-Ausbilder
Hi,
Which disk was formatted? The one with Windows on it?
07.08.2014, 19:41 | #3 |
Hi, no, it was a data partition. I split a data disk into 2 partitions, and only one of them was formatted.
08.08.2014, 16:22 | #4 |
/// the machine /// TB-Ausbilder
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
08.08.2014, 22:47 | #5 |
Hi, thank you very much for the reply. Here are the requested logs: ADW: Code:
# AdwCleaner v3.303 - Bericht erstellt am 08/08/2014 um 15:21:40
# Aktualisiert 06/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Max - MAX-PC
# Gestartet von : C:\Users\Max\Downloads\adwcleaner_3.303.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\FoxTab
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\c0m4bv2z.default\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\invalidprefs.js
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\searchplugins\Startsear.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\user.js
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\c0m4bv2z.default\user.js
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKCU\Software\92dfdfe56eec43
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Babylon
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search (powered by Google)");
Zeile gelöscht : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\n <replacements>\n <replacement>\n <key><![CDATA[__REGION__PLACEHOLDER__]]></key>\n <v[...]
Zeile gelöscht : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,{DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2,{E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.5.4,{dc572301-7619-498c-a57d-[...]
Zeile gelöscht : user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.webbooster@iminent.com.install-event-fired", true);
Zeile gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Zeile gelöscht : user_pref("surfcanyon.last_checked_ts", "1266964806208");

[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\c0m4bv2z.default\prefs.js ]


[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.id", "b416ab02000000000000e0cb4e197ea5");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15748");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.014:04:36");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[R0].txt - [5635 octets] - [08/08/2014 15:20:16]
AdwCleaner[S0].txt - [5510 octets] - [08/08/2014 15:21:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5570 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Max on 08.08.2014 at 23:41:07,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1865603631-1092788096-2546801250-1001\Software\sweetim

~~~ Files

Successfully deleted: [File] "C:\chromehplog.txt"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\Max\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\i1zg6oxg.default\extensions\staged
Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\i1zg6oxg.default\minidumps [27 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.08.2014 at 23:43:00,35
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014 Ran by Max (administrator) on MAX-PC on 08-08-2014 23:44:22 Running from C:\Users\Max\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe (Barracuda Networks, Inc.) C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe (Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe (Dropbox, Inc.) C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [SkyDrive] => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-06] (Microsoft Corporation) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-08-04] (Glarysoft Ltd) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Policies\Explorer: [DisallowRun] 1 Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) 
ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
BootExecute: autocheck autochk * BootDefrag.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x91CEEDA11709CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default FF SelectedSearchEngine: Google FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\ich@maltegoetz.de [2014-07-09] FF Extension: WOT - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-07] FF Extension: DownloadHelper - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: ImageHost Grabber - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2013-02-12] FF Extension: Ghostery - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\firefox@ghostery.com.xpi [2014-08-07] FF Extension: Google Translator for Firefox - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\translator@zoli.bod.xpi [2013-02-12] FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-12] FF Extension: Tab Mix Plus - 
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-12] FF Extension: DownThemAll! - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-12] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Max\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. 
KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-07] (Glarysoft Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-08] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.) 
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [110952 2012-09-27] (Yamaha Corporation) S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X] S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-08 23:43 - 2014-08-08 23:43 - 00001383 _____ () C:\Users\Max\Desktop\JRT.txt 2014-08-08 23:37 - 2014-08-08 23:37 - 01016261 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe 2014-08-08 23:37 - 2014-08-08 23:37 - 00000000 ____D () C:\Windows\ERUNT 2014-08-08 15:23 - 2014-08-08 15:23 - 00000306 _____ () C:\Windows\PFRO.log 2014-08-08 15:20 - 2014-08-08 15:21 - 00000000 ____D () C:\AdwCleaner 2014-08-08 15:19 - 2014-08-08 15:20 - 01475072 _____ () C:\Users\Max\Downloads\adwcleaner_3.303.exe 2014-08-08 07:33 - 2014-08-08 07:38 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 07:33 - 2014-08-08 07:38 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-08 07:29 - 2014-08-08 23:40 - 00000392 _____ () C:\Windows\setupact.log 2014-08-08 07:29 - 2014-08-08 07:29 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-07 22:06 - 2014-08-07 22:06 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2014-08-07 22:06 - 2014-08-07 22:06 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk 2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2014-08-07 22:06 - 2014-08-07 
22:06 - 00000000 ____D () C:\ProgramData\GlarySoft 2014-08-07 22:05 - 2014-08-08 23:40 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2014-08-07 22:05 - 2014-08-08 07:29 - 00000000 ____D () C:\Users\Max\AppData\Roaming\DiskDefrag 2014-08-07 22:05 - 2014-08-07 22:06 - 00002964 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2014-08-07 22:05 - 2014-08-07 22:06 - 00002618 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5 2014-08-07 22:05 - 2014-08-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2014-08-07 22:05 - 2014-08-07 22:05 - 14416304 _____ () C:\Users\Max\Downloads\Glary_Utilities_v5.5.0.12.exe 2014-08-07 22:05 - 2014-08-07 22:05 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys 2014-08-07 22:05 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\GlarySoft 2014-08-07 22:05 - 2014-08-04 03:42 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe 2014-08-07 22:05 - 2014-07-18 09:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys 2014-08-07 22:04 - 2014-08-07 22:04 - 06685392 _____ (Glarysoft Ltd ) C:\Users\Max\Downloads\gusetup_slim_2.56.exe 2014-08-07 20:53 - 2014-08-07 20:53 - 00225980 _____ () C:\Users\Max\Documents\cc_20140807_205320.reg 2014-08-07 20:51 - 2014-08-07 20:51 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-08-07 20:51 - 2014-08-07 20:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-07 20:12 - 2014-08-07 20:12 - 00025078 _____ () C:\Users\Max\Downloads\malwarebytes.txt 2014-08-07 19:54 - 2014-08-07 19:54 - 00009648 _____ () C:\Users\Max\Downloads\gmer_log.log 2014-08-07 19:48 - 2014-08-07 19:48 - 00380416 _____ () C:\Users\Max\Downloads\Gmer-19357.exe 2014-08-07 19:43 - 2014-08-07 19:43 - 00046491 _____ () C:\Users\Max\Downloads\Addition.txt 2014-08-07 19:42 - 2014-08-08 23:44 - 00017367 _____ () C:\Users\Max\Downloads\FRST.txt 2014-08-07 19:42 - 2014-08-08 23:44 - 00000000 ____D () C:\FRST 
2014-08-07 19:42 - 2014-08-07 19:42 - 02094080 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe 2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log 2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable 2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe 2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv 2014-08-07 18:40 - 2014-08-07 18:42 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239 2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_ 2014-08-07 18:20 - 2014-08-07 18:30 - 00000000 ____D () C:\Program Files\stinger 2014-08-07 07:23 - 2014-08-08 23:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-07 07:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D 
() C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8 2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a 2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon 2014-08-03 09:46 - 2013-10-21 12:26 - 00025504 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys 2014-08-01 07:15 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-01 07:15 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-01 07:15 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-01 07:15 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-01 07:15 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-01 07:15 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 
2014-08-01 07:15 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-01 07:15 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-01 07:15 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg 2014-07-30 07:54 - 2014-08-07 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information 2014-07-25 19:08 - 2014-07-27 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-09 07:25 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 07:25 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 07:25 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 07:25 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 07:25 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 07:25 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 07:25 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 07:25 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 07:25 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 07:25 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2014-07-09 07:25 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 07:25 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 07:25 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 07:25 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 07:25 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 07:25 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 07:25 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 07:25 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 07:25 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 07:25 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 07:25 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 07:25 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 07:25 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 07:25 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 07:25 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 07:25 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 07:25 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 07:25 - 2014-06-19 01:37 - 00061952 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 07:25 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 07:25 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 07:25 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 07:25 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 07:25 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 07:25 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 07:25 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 07:25 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 07:25 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 07:25 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 07:25 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 07:25 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 07:25 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 07:25 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 07:25 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 07:25 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 07:25 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 07:25 - 2014-06-19 00:52 - 04254720 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 07:25 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 07:25 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 07:25 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 07:25 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 07:25 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 07:25 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 07:25 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 07:25 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 07:25 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 07:25 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 07:25 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 07:25 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 07:25 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 07:25 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 07:25 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 07:25 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 07:25 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 07:25 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\sspicli.dll 2014-07-09 07:25 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-08 23:44 - 2014-08-07 19:42 - 00017367 _____ () C:\Users\Max\Downloads\FRST.txt 2014-08-08 23:44 - 2014-08-07 19:42 - 00000000 ____D () C:\FRST 2014-08-08 23:43 - 2014-08-08 23:43 - 00001383 _____ () C:\Users\Max\Desktop\JRT.txt 2014-08-08 23:41 - 2014-08-07 07:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-08 23:41 - 2014-05-26 07:29 - 00005120 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Max-PC-Max Max-PC 2014-08-08 23:41 - 2014-03-12 08:46 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Copy 2014-08-08 23:40 - 2014-08-08 07:29 - 00000392 _____ () C:\Windows\setupact.log 2014-08-08 23:40 - 2014-08-07 22:05 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2014-08-08 23:40 - 2013-02-12 14:39 - 00000000 ___RD () C:\Users\Max\Dropbox 2014-08-08 23:40 - 2013-02-12 14:38 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Dropbox 2014-08-08 23:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-08 23:39 - 2013-02-12 13:30 - 02073883 _____ () C:\Windows\WindowsUpdate.log 2014-08-08 23:37 - 2014-08-08 23:37 - 01016261 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe 2014-08-08 23:37 - 2014-08-08 23:37 - 00000000 ____D () C:\Windows\ERUNT 2014-08-08 22:53 - 2013-02-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-08 15:31 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-08 15:31 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-08 15:28 - 2009-07-14 
19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat 2014-08-08 15:28 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat 2014-08-08 15:28 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-08 15:23 - 2014-08-08 15:23 - 00000306 _____ () C:\Windows\PFRO.log 2014-08-08 15:21 - 2014-08-08 15:20 - 00000000 ____D () C:\AdwCleaner 2014-08-08 15:20 - 2014-08-08 15:19 - 01475072 _____ () C:\Users\Max\Downloads\adwcleaner_3.303.exe 2014-08-08 07:48 - 2013-02-13 11:30 - 00000000 ____D () C:\Users\Max\AppData\Roaming\vlc 2014-08-08 07:38 - 2014-08-08 07:33 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 07:38 - 2014-08-08 07:33 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-08 07:38 - 2013-02-12 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-08 07:38 - 2013-02-12 14:30 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-08 07:33 - 2013-02-12 14:30 - 00000000 ____D () C:\ProgramData\Avira 2014-08-08 07:29 - 2014-08-08 07:29 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-08 07:29 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\DiskDefrag 2014-08-07 22:46 - 2013-02-12 15:07 - 00000000 ____D () C:\Users\Max\Downloads\JDownloader 2014-08-07 22:13 - 2013-02-14 16:46 - 00000000 ____D () C:\Users\Max\Downloads\Musik 2014-08-07 22:06 - 2014-08-07 22:06 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2014-08-07 22:06 - 2014-08-07 22:06 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk 2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\GlarySoft 2014-08-07 22:06 - 2014-08-07 22:05 - 00002964 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2014-08-07 22:06 - 2014-08-07 22:05 - 00002618 _____ () 
C:\Windows\System32\Tasks\GlaryInitialize 5 2014-08-07 22:06 - 2014-08-07 22:05 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2014-08-07 22:05 - 2014-08-07 22:05 - 14416304 _____ () C:\Users\Max\Downloads\Glary_Utilities_v5.5.0.12.exe 2014-08-07 22:05 - 2014-08-07 22:05 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys 2014-08-07 22:05 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\GlarySoft 2014-08-07 22:04 - 2014-08-07 22:04 - 06685392 _____ (Glarysoft Ltd ) C:\Users\Max\Downloads\gusetup_slim_2.56.exe 2014-08-07 21:24 - 2013-02-12 14:39 - 00122464 _____ () C:\Users\Max\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-07 21:24 - 2009-07-14 06:45 - 03056152 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-07 20:58 - 2013-12-08 19:22 - 00000000 ____D () C:\Program Files (x86)\Pixum 2014-08-07 20:57 - 2014-02-17 20:13 - 00000000 ____D () C:\Users\Max\AppData\Local\Google 2014-08-07 20:57 - 2014-02-17 20:12 - 00000000 ____D () C:\Program Files (x86)\Google 2014-08-07 20:53 - 2014-08-07 20:53 - 00225980 _____ () C:\Users\Max\Documents\cc_20140807_205320.reg 2014-08-07 20:52 - 2013-02-12 18:32 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-08-07 20:52 - 2013-02-12 13:26 - 00000000 ____D () C:\Windows\Panther 2014-08-07 20:51 - 2014-08-07 20:51 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-08-07 20:51 - 2014-08-07 20:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-07 20:12 - 2014-08-07 20:12 - 00025078 _____ () C:\Users\Max\Downloads\malwarebytes.txt 2014-08-07 19:58 - 2013-02-12 14:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-08-07 19:54 - 2014-08-07 19:54 - 00009648 _____ () C:\Users\Max\Downloads\gmer_log.log 2014-08-07 19:48 - 2014-08-07 19:48 - 00380416 _____ () C:\Users\Max\Downloads\Gmer-19357.exe 2014-08-07 19:43 - 2014-08-07 19:43 - 00046491 _____ () C:\Users\Max\Downloads\Addition.txt 2014-08-07 19:42 - 2014-08-07 19:42 - 02094080 _____ (Farbar) 
C:\Users\Max\Downloads\FRST64.exe 2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log 2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable 2014-08-07 19:39 - 2013-02-12 13:34 - 00000000 ____D () C:\Users\Max 2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe 2014-08-07 19:18 - 2014-07-30 07:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv 2014-08-07 18:42 - 2014-08-07 18:40 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239 2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_ 2014-08-07 18:30 - 2014-08-07 18:20 - 00000000 ____D () C:\Program Files\stinger 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Malwarebytes 2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-06 23:45 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 
____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8 2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a 2014-08-06 23:26 - 2013-12-20 15:05 - 13144064 _____ () C:\Users\Max\AppData\Roaming\Sandra.mdb 2014-08-06 22:45 - 2014-03-06 00:18 - 00000000 ___RD () C:\Users\Max\OneDrive 2014-08-06 22:45 - 2014-03-06 00:17 - 00002198 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-08-06 07:34 - 2013-02-12 15:06 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-08-04 03:42 - 2014-08-07 22:05 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe 2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon 2014-08-01 17:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-30 22:23 - 2013-02-12 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information 2014-07-27 20:20 - 2014-07-25 19:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-27 20:20 - 2014-05-01 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak 
2014-07-24 16:18 - 2013-05-08 07:13 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-23 23:38 - 2013-04-13 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-23 21:13 - 2013-02-12 14:39 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-22 07:21 - 2014-07-05 15:43 - 00000000 ____D () C:\Users\Max\AppData\Local\Adobe 2014-07-18 09:11 - 2014-08-07 22:05 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys 2014-07-09 17:44 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 08:17 - 2013-08-14 08:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 08:16 - 2013-02-13 17:53 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Max\AppData\Local\Temp\avgnt.exe C:\Users\Max\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8exgan.dll C:\Users\Max\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-08 08:44
==================== End Of Log ============================
Regards, Max |
09.08.2014, 14:30 | #6 |
/// the machine /// TB Trainer | Windows 7 suddenly slow, hard disk reformatted, many Malwarebytes detections
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
09.08.2014, 22:32 | #7 |
| Windows 7 suddenly slow, hard disk reformatted, many Malwarebytes detections
ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e58592392a36764ea274391cc4793bfc # engine=19578 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-08-09 06:44:51 # local_time=2014-08-09 08:44:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 4265 46941370 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 41318 159239741 0 0 # scanned=363893 # found=7 # cleaned=0 # scan_time=4057 sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll" sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe" sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe" sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" sh=F9DA58E7940D1A7FA8583D165D6505B2C721B517 ft=1 fh=b5d37b2c1061e27d vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\Wichtige Programme\xxxxx\FreeFileSync_5.11_setup.exe" sh=E158071CD7B4A083315C36A43A9C7884112B7197 ft=1 fh=bf17d7ab9c277b30 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\Wichtige 
Programme\xxxxx\FreeFileSync_5.12_setup.exe" sh=0BFF84AA6CC4CCF580EAE2FBF4C129FA6EA612C4 ft=1 fh=9fe1a4845276fe8f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\Wichtige Programme\xxxxx\Unlocker1.9.1-x64.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.86 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 14.0.0.145 Adobe Reader XI Mozilla Firefox (31.0) Mozilla Thunderbird (24.6.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe ESET ESET Online Scanner OnlineScannerApp.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01 Ran by Max (administrator) on MAX-PC on 09-08-2014 23:30:12 Running from C:\Users\Max\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe (Barracuda Networks, Inc.) C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe (Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe (Dropbox, Inc.) C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Oracle Corporation) C:\Program Files (x86)\JDownloader\jre\bin\javaw.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [SkyDrive] => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-06] (Microsoft Corporation) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-08-04] (Glarysoft Ltd) HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Policies\Explorer: [DisallowRun] 1 Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) 
ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
BootExecute: autocheck autochk * BootDefrag.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x91CEEDA11709CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default FF SelectedSearchEngine: Google FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\ich@maltegoetz.de [2014-07-09] FF Extension: No Name - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\staged [2014-08-09] FF Extension: WOT - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-07] FF Extension: DownloadHelper - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: ImageHost Grabber - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2013-02-12] FF Extension: Ghostery - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\firefox@ghostery.com.xpi [2014-08-07] FF Extension: Google Translator for Firefox - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\translator@zoli.bod.xpi [2013-02-12] FF Extension: Adblock Plus - 
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-12] FF Extension: Tab Mix Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-12] FF Extension: DownThemAll! - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-12] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Max\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. 
KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-07] (Glarysoft Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.) 
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [110952 2012-09-27] (Yamaha Corporation) S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X] S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-09 23:30 - 2014-08-09 23:30 - 00000000 ____D () C:\Users\Max\Downloads\FRST-OlderVersion 2014-08-09 23:27 - 2014-08-09 23:27 - 00854410 _____ () C:\Users\Max\Downloads\SecurityCheck.exe 2014-08-09 19:34 - 2014-08-09 19:34 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_deu.exe 2014-08-09 19:34 - 2014-08-09 19:34 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-08-09 09:25 - 2014-08-09 09:30 - 481022452 _____ () C:\Users\Max\Downloads\BL2014-07-14.rar 2014-08-08 23:43 - 2014-08-08 23:43 - 00001383 _____ () C:\Users\Max\Desktop\JRT.txt 2014-08-08 23:37 - 2014-08-08 23:37 - 01016261 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe 2014-08-08 23:37 - 2014-08-08 23:37 - 00000000 ____D () C:\Windows\ERUNT 2014-08-08 15:23 - 2014-08-08 15:23 - 00000306 _____ () C:\Windows\PFRO.log 2014-08-08 15:20 - 2014-08-08 15:21 - 00000000 ____D () C:\AdwCleaner 2014-08-08 15:19 - 2014-08-08 15:20 - 01475072 _____ () C:\Users\Max\Downloads\adwcleaner_3.303.exe 2014-08-08 07:33 - 2014-08-08 07:38 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 07:33 - 2014-08-08 07:38 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-08 07:29 - 2014-08-09 19:30 - 00000672 _____ () 
C:\Windows\setupact.log 2014-08-08 07:29 - 2014-08-08 07:29 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-07 22:06 - 2014-08-07 22:06 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2014-08-07 22:06 - 2014-08-07 22:06 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk 2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\GlarySoft 2014-08-07 22:05 - 2014-08-09 19:30 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2014-08-07 22:05 - 2014-08-08 07:29 - 00000000 ____D () C:\Users\Max\AppData\Roaming\DiskDefrag 2014-08-07 22:05 - 2014-08-07 22:06 - 00002964 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2014-08-07 22:05 - 2014-08-07 22:06 - 00002618 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5 2014-08-07 22:05 - 2014-08-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2014-08-07 22:05 - 2014-08-07 22:05 - 14416304 _____ () C:\Users\Max\Downloads\Glary_Utilities_v5.5.0.12.exe 2014-08-07 22:05 - 2014-08-07 22:05 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys 2014-08-07 22:05 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\GlarySoft 2014-08-07 22:05 - 2014-08-04 03:42 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe 2014-08-07 22:05 - 2014-07-18 09:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys 2014-08-07 22:04 - 2014-08-07 22:04 - 06685392 _____ (Glarysoft Ltd ) C:\Users\Max\Downloads\gusetup_slim_2.56.exe 2014-08-07 20:53 - 2014-08-07 20:53 - 00225980 _____ () C:\Users\Max\Documents\cc_20140807_205320.reg 2014-08-07 20:51 - 2014-08-07 20:51 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-08-07 20:51 - 2014-08-07 20:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-07 20:12 - 2014-08-07 20:12 
- 00025078 _____ () C:\Users\Max\Downloads\malwarebytes.txt 2014-08-07 19:54 - 2014-08-07 19:54 - 00009648 _____ () C:\Users\Max\Downloads\gmer_log.log 2014-08-07 19:48 - 2014-08-07 19:48 - 00380416 _____ () C:\Users\Max\Downloads\Gmer-19357.exe 2014-08-07 19:43 - 2014-08-07 19:43 - 00046491 _____ () C:\Users\Max\Downloads\Addition.txt 2014-08-07 19:42 - 2014-08-09 23:30 - 02093568 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe 2014-08-07 19:42 - 2014-08-09 23:30 - 00017422 _____ () C:\Users\Max\Downloads\FRST.txt 2014-08-07 19:42 - 2014-08-09 23:30 - 00000000 ____D () C:\FRST 2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log 2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable 2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe 2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv 2014-08-07 18:40 - 2014-08-07 18:42 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239 2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_ 2014-08-07 18:20 - 2014-08-07 18:30 - 00000000 ____D () C:\Program Files\stinger 2014-08-07 07:23 - 2014-08-09 21:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-07 07:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8 2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a 2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon 2014-08-03 09:46 - 2013-10-21 12:26 - 00025504 _____ (Resplendence Software Projects Sp.) 
C:\Windows\system32\Drivers\rspLLL64.sys 2014-08-01 07:15 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-01 07:15 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-01 07:15 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-01 07:15 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-01 07:15 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-01 07:15 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-01 07:15 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-01 07:15 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-01 07:15 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-01 07:15 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg 2014-07-30 07:54 - 2014-08-07 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () 
C:\Program Files (x86)\InstallShield Installation Information 2014-07-25 19:08 - 2014-07-27 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-09 23:30 - 2014-08-09 23:30 - 00000000 ____D () C:\Users\Max\Downloads\FRST-OlderVersion 2014-08-09 23:30 - 2014-08-07 19:42 - 02093568 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe 2014-08-09 23:30 - 2014-08-07 19:42 - 00017422 _____ () C:\Users\Max\Downloads\FRST.txt 2014-08-09 23:30 - 2014-08-07 19:42 - 00000000 ____D () C:\FRST 2014-08-09 23:27 - 2014-08-09 23:27 - 00854410 _____ () C:\Users\Max\Downloads\SecurityCheck.exe 2014-08-09 23:25 - 2014-03-12 08:46 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Copy 2014-08-09 23:01 - 2013-02-12 13:30 - 01083839 _____ () C:\Windows\WindowsUpdate.log 2014-08-09 22:53 - 2013-02-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-09 21:57 - 2014-08-07 07:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-09 21:39 - 2014-05-26 07:29 - 00005120 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Max-PC-Max Max-PC 2014-08-09 20:15 - 2013-02-12 15:07 - 00000000 ____D () C:\Users\Max\Downloads\JDownloader 2014-08-09 20:00 - 2013-02-12 15:06 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-08-09 19:45 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat 2014-08-09 19:45 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat 2014-08-09 19:45 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-09 19:38 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-09 19:38 - 2009-07-14 06:45 - 00014608 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-09 19:34 - 2014-08-09 19:34 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_deu.exe 2014-08-09 19:34 - 2014-08-09 19:34 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-08-09 19:30 - 2014-08-08 07:29 - 00000672 _____ () C:\Windows\setupact.log 2014-08-09 19:30 - 2014-08-07 22:05 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2014-08-09 19:30 - 2013-02-12 14:39 - 00000000 ___RD () C:\Users\Max\Dropbox 2014-08-09 19:30 - 2013-02-12 14:38 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Dropbox 2014-08-09 19:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-09 09:34 - 2013-02-13 11:30 - 00000000 ____D () C:\Users\Max\AppData\Roaming\vlc 2014-08-09 09:30 - 2014-08-09 09:25 - 481022452 _____ () C:\Users\Max\Downloads\BL2014-07-14.rar 2014-08-08 23:43 - 2014-08-08 23:43 - 00001383 _____ () C:\Users\Max\Desktop\JRT.txt 2014-08-08 23:37 - 2014-08-08 23:37 - 01016261 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe 2014-08-08 23:37 - 2014-08-08 23:37 - 00000000 ____D () C:\Windows\ERUNT 2014-08-08 15:23 - 2014-08-08 15:23 - 00000306 _____ () C:\Windows\PFRO.log 2014-08-08 15:21 - 2014-08-08 15:20 - 00000000 ____D () C:\AdwCleaner 2014-08-08 15:20 - 2014-08-08 15:19 - 01475072 _____ () C:\Users\Max\Downloads\adwcleaner_3.303.exe 2014-08-08 07:38 - 2014-08-08 07:33 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 07:38 - 2014-08-08 07:33 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-08 07:38 - 2013-02-12 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-08 07:38 - 2013-02-12 14:30 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-08 07:33 - 2013-02-12 14:30 - 00000000 ____D () C:\ProgramData\Avira 2014-08-08 07:29 - 2014-08-08 07:29 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-08 07:29 - 2014-08-07 22:05 - 00000000 ____D () 
C:\Users\Max\AppData\Roaming\DiskDefrag 2014-08-07 22:13 - 2013-02-14 16:46 - 00000000 ____D () C:\Users\Max\Downloads\Musik 2014-08-07 22:06 - 2014-08-07 22:06 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2014-08-07 22:06 - 2014-08-07 22:06 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk 2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\GlarySoft 2014-08-07 22:06 - 2014-08-07 22:05 - 00002964 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2014-08-07 22:06 - 2014-08-07 22:05 - 00002618 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5 2014-08-07 22:06 - 2014-08-07 22:05 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2014-08-07 22:05 - 2014-08-07 22:05 - 14416304 _____ () C:\Users\Max\Downloads\Glary_Utilities_v5.5.0.12.exe 2014-08-07 22:05 - 2014-08-07 22:05 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys 2014-08-07 22:05 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\GlarySoft 2014-08-07 22:04 - 2014-08-07 22:04 - 06685392 _____ (Glarysoft Ltd ) C:\Users\Max\Downloads\gusetup_slim_2.56.exe 2014-08-07 21:24 - 2013-02-12 14:39 - 00122464 _____ () C:\Users\Max\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-07 21:24 - 2009-07-14 06:45 - 03056152 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-07 20:58 - 2013-12-08 19:22 - 00000000 ____D () C:\Program Files (x86)\Pixum 2014-08-07 20:57 - 2014-02-17 20:13 - 00000000 ____D () C:\Users\Max\AppData\Local\Google 2014-08-07 20:57 - 2014-02-17 20:12 - 00000000 ____D () C:\Program Files (x86)\Google 2014-08-07 20:53 - 2014-08-07 20:53 - 00225980 _____ () C:\Users\Max\Documents\cc_20140807_205320.reg 2014-08-07 20:52 - 2013-02-12 18:32 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-08-07 20:52 - 2013-02-12 13:26 - 00000000 ____D () 
C:\Windows\Panther 2014-08-07 20:51 - 2014-08-07 20:51 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-08-07 20:51 - 2014-08-07 20:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-07 20:12 - 2014-08-07 20:12 - 00025078 _____ () C:\Users\Max\Downloads\malwarebytes.txt 2014-08-07 19:58 - 2013-02-12 14:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-08-07 19:54 - 2014-08-07 19:54 - 00009648 _____ () C:\Users\Max\Downloads\gmer_log.log 2014-08-07 19:48 - 2014-08-07 19:48 - 00380416 _____ () C:\Users\Max\Downloads\Gmer-19357.exe 2014-08-07 19:43 - 2014-08-07 19:43 - 00046491 _____ () C:\Users\Max\Downloads\Addition.txt 2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log 2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable 2014-08-07 19:39 - 2013-02-12 13:34 - 00000000 ____D () C:\Users\Max 2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe 2014-08-07 19:18 - 2014-07-30 07:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv 2014-08-07 18:42 - 2014-08-07 18:40 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup 2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList 2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239 2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_ 2014-08-07 
18:30 - 2014-08-07 18:20 - 00000000 ____D () C:\Program Files\stinger 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Malwarebytes 2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-06 23:45 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8 2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions 2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a 2014-08-06 23:26 - 2013-12-20 15:05 - 13144064 _____ () C:\Users\Max\AppData\Roaming\Sandra.mdb 2014-08-06 22:45 - 2014-03-06 00:18 - 00000000 ___RD () C:\Users\Max\OneDrive 2014-08-06 22:45 - 2014-03-06 00:17 - 00002198 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-08-04 03:42 - 2014-08-07 22:05 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe 2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon 2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon 2014-08-01 17:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-30 22:23 - 2013-02-12 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () 
C:\Users\Max\AppData\Local\Resmon.ResmonCfg 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha 2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information 2014-07-27 20:20 - 2014-07-25 19:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-27 20:20 - 2014-05-01 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak 2014-07-24 16:18 - 2013-05-08 07:13 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-23 23:38 - 2013-04-13 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-23 21:13 - 2013-02-12 14:39 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-22 07:21 - 2014-07-05 15:43 - 00000000 ____D () C:\Users\Max\AppData\Local\Adobe 2014-07-18 09:11 - 2014-08-07 22:05 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys Some content of TEMP: ==================== C:\Users\Max\AppData\Local\Temp\avgnt.exe C:\Users\Max\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk9akcx.dll C:\Users\Max\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-08 08:44 ==================== End Of Log ============================
I can't say much about the problems right now. It feels like everything is running faster again. What caused the phenomenon I described? Did I have malware on the machine that causes something like this? In any case, thank you very much for the fast and competent help! Regards, Max |
10.08.2014, 08:31 | #8 |
/// the machine /// TB trainer | Lots of adware. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations, Guides and help, Trojaner-Board Facebook page. No help via PM! |
11.08.2014, 13:52 | #9 |
| Hello Schrauber, all done! I hope no damage remains, because the boot process still takes longer than usual (though no longer quite as long as at the beginning). Thanks so far and have a nice evening. Regards, Max
And I think I have found the reason: could it be that the MWB resident delays loading at startup? I switched it off and now it runs like before.... |
11.08.2014, 21:15 | #10 |
/// the machine /// TB trainer | Possible
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations, Guides and help, Trojaner-Board Facebook page. No help via PM! |