Pests of all kinds and how to fight them: PUP.Optional.Delta.A Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
PUP.Optional.Delta.A Windows 7

After a scan with Malwarebytes I had the following findings:

------------------------------------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.08.2014
Suchlauf-Zeit: 07:23:44
Logdatei:
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.16.02
Rootkit Datenbank: v2014.08.15.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Juergen

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 352473
Verstrichene Zeit: 26 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 23
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "en");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "1e6b7ca500000000000000ff394dda61");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15843");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.21.0");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.21.016:08:46");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.21.0");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=119779&tt=gc_");)
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");)

Physische Sektoren: 0
(No malicious items detected)

(end)
----------------------------------------------------------------------------------------

I then followed this instruction:

Please also create a log with Farbar's tool: scan with Farbar's Recovery Scan Tool (FRST)
----------------------------------------

Here is the content of FRST.TXT
-----------------------------
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014
Ran by Juergen (administrator) on JUERGEN-PC on 16-08-2014 07:58:39
Running from C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(brother Industries Ltd) C:\Windows\System32\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe
(Protexis Inc.)
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WisLMSvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\sbframe.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z\FRST[1].exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll => 
c:\progra~1\browse~1\sprote~1.dll File Not Found IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.minilua.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=206 BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\winamp-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla 
firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-06] FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24] FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18] FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23] FF Extension: Print / Print Preview (Update) - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28] FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23] FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23] FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17] FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14] FF Extension: Empty Cache Button - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013-02-23] FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13] FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14] FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16] FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05] FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05] FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31] FF Extension: Tab Mix Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20] FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program 
Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17] FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Hide My Ass! 
Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30] CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28] CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06] CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03] CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06] CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26] CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03] CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Juergen\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - 
C:\Users\Juergen\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed] R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed] S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed] S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 StumbleUponUpdater; C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed] S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed] R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.) S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH) R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin) S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed] S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.) 
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] () R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH) S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.) S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.) S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.) U3 ar5tfnth; C:\Windows\system32\Drivers\ar5tfnth.sys [0 ] (Microsoft Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.) 
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-14 14:16 - 2014-08-16 07:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-06 13:48 - 2014-08-06 14:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) 
C:\Windows\system32\uxtuneup.dll 2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-07-17 12:21 - 2014-07-17 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 08:00 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser 2014-08-16 07:59 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-16 07:50 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype 2014-08-16 07:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job 2014-08-16 07:20 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-16 07:20 - 2010-12-13 09:54 - 01049201 _____ () C:\Windows\WindowsUpdate.log 2014-08-16 07:19 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 07:19 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-16 01:09 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-15 14:07 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps 2014-08-15 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:52 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox 2014-08-14 21:50 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox 2014-08-14 21:45 - 2010-07-07 20:31 - 01105862 _____ () C:\Windows\PFRO.log 2014-08-14 21:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-08-14 21:45 - 2009-07-14 06:39 - 00193764 _____ () C:\Windows\setupact.log 2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata 2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-14 13:31 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla 2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log 2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-08-09 23:18 - 
2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 14:02 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 14:02 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-06 14:02 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 22:24 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-04 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () 
C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-07-18 22:10 - 2012-07-19 18:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\HpUpdate 2014-07-17 12:22 - 2014-07-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus 2014-07-17 12:22 - 2010-12-18 15:34 - 00000000 ____D () C:\ProgramData\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared 2014-07-17 12:19 - 2013-09-30 10:01 - 00000000 _____ () C:\END 2014-07-17 11:13 - 2009-07-14 06:33 - 00595720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-17 10:23 - 2010-12-13 11:40 - 00175904 _____ () C:\Users\Juergen\AppData\Local\GDIPFONTCACHEV1.DAT Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemtbt9.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll
C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tester\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 07:35

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

And here is the content of Adition.txt
--------------------------------

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014
Ran by Juergen (administrator) on JUERGEN-PC on 16-08-2014 07:58:39
Running from C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(brother Industries Ltd) C:\Windows\System32\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe
(Protexis Inc.)
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WisLMSvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\sbframe.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z\FRST[1].exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe
AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found
AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll => c:\progra~1\browse~1\sprote~1.dll File Not Found
IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.minilua.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://search.minilua.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.minilua.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=206
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\winamp-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-06]
FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24]
FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18]
FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23]
FF Extension: Print / Print Preview (Update) - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28]
FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23]
FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23]
FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17]
FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14]
FF Extension: Empty Cache Button - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013-02-23]
FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13]
FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14]
FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16]
FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05]
FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05]
FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31]
FF Extension: Tab Mix Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20]
FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17]
FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30]
CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28]
CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06]
CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03]
CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06]
CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26]
CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03]
CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19]
CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2011-12-19]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Juergen\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Juergen\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed]
S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 StumbleUponUpdater; C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed]
S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.)
S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH)
R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] ()
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.)
U3 ar5tfnth; C:\Windows\system32\Drivers\ar5tfnth.sys [0 ] (Microsoft Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST
2014-08-14 14:16 - 2014-08-16 07:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt
2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo
2014-08-06 13:48 - 2014-08-06 14:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe
2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip
2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images
2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet
2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip
2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder
2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip
2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides
2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4
2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe
2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser
2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar
2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-07-17 12:21 - 2014-07-17 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 08:00 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser
2014-08-16 07:59 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job
2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST
2014-08-16 07:50 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype
2014-08-16 07:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job
2014-08-16 07:20 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 07:20 - 2010-12-13 09:54 - 01049201 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 07:19 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 07:19 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 01:09 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 14:07 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps
2014-08-15 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job
2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 21:52 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox
2014-08-14 21:50 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox
2014-08-14 21:45 - 2010-07-07 20:31 - 01105862 _____ () C:\Windows\PFRO.log
2014-08-14 21:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2014-08-14 21:45 - 2009-07-14 06:39 - 00193764 _____ () C:\Windows\setupact.log
2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata
2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes
2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-14 13:31 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla
2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log
2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-09 23:18 -
2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 14:02 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 14:02 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-06 14:02 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 22:24 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-04 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () 
C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-07-18 22:10 - 2012-07-19 18:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\HpUpdate 2014-07-17 12:22 - 2014-07-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus 2014-07-17 12:22 - 2010-12-18 15:34 - 00000000 ____D () C:\ProgramData\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared 2014-07-17 12:19 - 2013-09-30 10:01 - 00000000 _____ () C:\END 2014-07-17 11:13 - 2009-07-14 06:33 - 00595720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-17 10:23 - 2010-12-13 11:40 - 00175904 _____ () C:\Users\Juergen\AppData\Local\GDIPFONTCACHEV1.DAT Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemtbt9.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll
C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tester\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 07:35

==================== End Of Log ============================

--- --- --- --- --- ---

I do NOT use Firefox as my default browser, but SlimBrowser. |