Pests of all kinds and how to fight them: PUP.Optional.Delta.A Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
16.08.2014, 07:11 | #1 |
PUP.Optional.Delta.A Windows 7

After a scan with Malwarebytes I had the following findings:
------------------------------------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.08.2014
Suchlauf-Zeit: 07:23:44
Logdatei:
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.16.02
Rootkit Datenbank: v2014.08.15.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Juergen

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 352473
Verstrichene Zeit: 26 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 23
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false), ,[321075526b101422b8e451b2f90cb44c]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst"), ,[46fc4483c8b3ea4c38643dc63fc62ed2]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"), ,[b19146815e1d2214bddf966d3cc94eb2]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false"), ,[97ab4d7a91ea999dccd09a694eb7857b]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "en"), ,[81c1c00792e9162015877e85877e2ad6]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false), ,[7bc74d7a34476ccaa3f9c63dca3b02fe]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true), ,[58eafdca6813b87e2d6fb54e996c857b]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "1e6b7ca500000000000000ff394dda61"), ,[c57d7e4981fadb5b49533dc6ff06916f]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15843"), ,[f74b6a5dd0ab64d2cdcf6e9590750df3]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst"), ,[70d21cabf982af879804be457293a45c]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false), ,[bf83398ea1da47ef6b31867d7f86eb15]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta"), ,[380a07c082f96ec8e1bb996ab94c38c8]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta"), ,[e65c893ef3880234bbe1768def168779]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false"), ,[e85a0fb834472f07009c1be8a560bc44]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none"), ,[4af83b8c8ceff640504c22e16d983bc5]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base"), ,[271b07c00675a78fc7d58b785baa52ae]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", ""), ,[44fe03c4bfbc35019dff9e658c79966a]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.21.0"), ,[0d35299e96e505315c40c73cfa0b8878]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.21.016:08:46"), ,[e1615770cead35014458e3209273fe02]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.21.0"), ,[55ed09be7605a294edaf9c6731d4fa06]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", ""), ,[31117b4c7b00c571099322e1aa5b9b65]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=119779&tt=gc_"), ,[0d35883fde9d5dd9a8f43cc72fd66c94]
PUP.Optional.Delta.A, C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss"), ,[82c0d9ee1e5d39fd5c407d862adb659b]

Physische Sektoren: 0
(No malicious items detected)

(end)
----------------------------------------------------------------------------------------
I then followed this instruction:
In addition, please also create a log with Farbar's tool: Scan with Farbar's Recovery Scan Tool (FRST)
----------------------------------------
Here is the content of FRST.TXT
-----------------------------
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014 Ran by Juergen (administrator) on JUERGEN-PC on 16-08-2014 07:58:39 Running from C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (brother Industries Ltd) C:\Windows\System32\brsvc01a.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WisLMSvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\sbframe.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z\FRST[1].exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll => 
c:\progra~1\browse~1\sprote~1.dll File Not Found IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.minilua.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=206 BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\winamp-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla 
firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-06] FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24] FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18] FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23] FF Extension: Print / Print Preview (Update) - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28] FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23] FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23] FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17] FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14] FF Extension: Empty Cache Button - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013-02-23] FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13] FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14] FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16] FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05] FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05] FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31] FF Extension: Tab Mix Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20] FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program 
Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17] FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Hide My Ass! 
Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30] CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28] CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06] CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03] CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06] CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26] CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03] CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Juergen\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - 
C:\Users\Juergen\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed] R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed] S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed] S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 StumbleUponUpdater; C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed] S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed] R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.) S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH) R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin) S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed] S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.) 
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] () R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH) S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.) S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.) S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.) U3 ar5tfnth; C:\Windows\system32\Drivers\ar5tfnth.sys [0 ] (Microsoft Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.) 
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-14 14:16 - 2014-08-16 07:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-06 13:48 - 2014-08-06 14:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) 
C:\Windows\system32\uxtuneup.dll 2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-07-17 12:21 - 2014-07-17 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 08:00 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser 2014-08-16 07:59 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-16 07:50 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype 2014-08-16 07:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job 2014-08-16 07:20 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-16 07:20 - 2010-12-13 09:54 - 01049201 _____ () C:\Windows\WindowsUpdate.log 2014-08-16 07:19 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 07:19 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-16 01:09 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-15 14:07 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps 2014-08-15 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:52 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox 2014-08-14 21:50 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox 2014-08-14 21:45 - 2010-07-07 20:31 - 01105862 _____ () C:\Windows\PFRO.log 2014-08-14 21:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-08-14 21:45 - 2009-07-14 06:39 - 00193764 _____ () C:\Windows\setupact.log 2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata 2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-14 13:31 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla 2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log 2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-08-09 23:18 - 
2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 14:02 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 14:02 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-06 14:02 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 22:24 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-04 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () 
C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-07-18 22:10 - 2012-07-19 18:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\HpUpdate 2014-07-17 12:22 - 2014-07-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus 2014-07-17 12:22 - 2010-12-18 15:34 - 00000000 ____D () C:\ProgramData\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared 2014-07-17 12:19 - 2013-09-30 10:01 - 00000000 _____ () C:\END 2014-07-17 11:13 - 2009-07-14 06:33 - 00595720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-17 10:23 - 2010-12-13 11:40 - 00175904 _____ () C:\Users\Juergen\AppData\Local\GDIPFONTCACHEV1.DAT Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemtbt9.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll
C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tester\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-07 07:35
==================== End Of Log ============================

--- --- ---

And here is the content of Adition.txt
--------------------------------
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014
Ran by Juergen (administrator) on JUERGEN-PC on 16-08-2014 07:58:39
Running from C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(brother Industries Ltd) C:\Windows\System32\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe
(Protexis Inc.)
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WisLMSvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\sbframe.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z\FRST[1].exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe
AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found
AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll => c:\progra~1\browse~1\sprote~1.dll File Not Found
IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.minilua.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://search.minilua.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.minilua.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=206
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\winamp-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-06]
FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24]
FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18]
FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23]
FF Extension: Print / Print Preview (Update) - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28]
FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23]
FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23]
FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17]
FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14]
FF Extension: Empty Cache Button - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013-02-23]
FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13]
FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14]
FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16]
FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05]
FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05]
FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31]
FF Extension: Tab Mix Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20]
FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17]
FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30]
CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28]
CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06]
CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03]
CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06]
CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26]
CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03]
CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19]
CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2011-12-19]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Juergen\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Juergen\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed]
S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 StumbleUponUpdater; C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed]
S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.)
S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH)
R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] ()
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.)
U3 ar5tfnth; C:\Windows\system32\Drivers\ar5tfnth.sys [0 ] (Microsoft Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST
2014-08-14 14:16 - 2014-08-16 07:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt
2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo
2014-08-06 13:48 - 2014-08-06 14:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe
2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip
2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images
2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet
2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip
2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder
2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip
2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides
2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4
2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe
2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser
2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar
2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-07-17 12:21 - 2014-07-17 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 08:00 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser
2014-08-16 07:59 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job
2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST
2014-08-16 07:50 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype
2014-08-16 07:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job
2014-08-16 07:20 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 07:20 - 2010-12-13 09:54 - 01049201 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 07:19 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 07:19 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 01:09 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 14:07 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps
2014-08-15 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job
2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 21:52 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox
2014-08-14 21:50 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox
2014-08-14 21:45 - 2010-07-07 20:31 - 01105862 _____ () C:\Windows\PFRO.log
2014-08-14 21:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2014-08-14 21:45 - 2009-07-14 06:39 - 00193764 _____ () C:\Windows\setupact.log
2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata
2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes
2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-14 13:31 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla
2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log
2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-09 23:18 - 
2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 14:02 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 14:02 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-06 14:02 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 22:24 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-04 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () 
C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-07-18 22:10 - 2012-07-19 18:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\HpUpdate 2014-07-17 12:22 - 2014-07-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus 2014-07-17 12:22 - 2010-12-18 15:34 - 00000000 ____D () C:\ProgramData\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared 2014-07-17 12:19 - 2013-09-30 10:01 - 00000000 _____ () C:\END 2014-07-17 11:13 - 2009-07-14 06:33 - 00595720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-17 10:23 - 2010-12-13 11:40 - 00175904 _____ () C:\Users\Juergen\AppData\Local\GDIPFONTCACHEV1.DAT Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemtbt9.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe C:\Users\Tester\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 07:35 ==================== End Of Log ============================ --- --- --- --- --- --- I do NOT use Firefox as my default browser; I use SlimBrowser |
16.08.2014, 10:01 | #2 |
/// the machine /// TB-Ausbilder | PUP.Optional.Delta.A Windows 7 hi,
Addition.txt from FRST is missing |
17.08.2014, 12:58 | #3 |
| PUP.Optional.Delta.A Windows 7
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014 Ran by Juergen (administrator) on JUERGEN-PC on 16-08-2014 07:58:39 Running from C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (brother Industries Ltd) C:\Windows\System32\brsvc01a.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WisLMSvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\sbframe.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z\FRST[1].exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll => 
c:\progra~1\browse~1\sprote~1.dll File Not Found IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.minilua.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=206 BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\winamp-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla 
firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-06] FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24] FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18] FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23] FF Extension: Print / Print Preview (Update) - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28] FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23] FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23] FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17] FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14] FF Extension: Empty Cache Button - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013-02-23] FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13] FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14] FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16] FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05] FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05] FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31] FF Extension: Tab Mix Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20] FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program 
Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17] FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Hide My Ass! 
Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30] CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28] CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06] CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03] CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06] CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26] CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03] CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Juergen\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - 
C:\Users\Juergen\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed] R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed] S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed] S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 StumbleUponUpdater; C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed] S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed] R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.) S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH) R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin) S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed] S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.) 
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] () R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH) S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.) S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.) S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.) U3 ar5tfnth; C:\Windows\system32\Drivers\ar5tfnth.sys [0 ] (Microsoft Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.) 
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-14 14:16 - 2014-08-16 07:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-06 13:48 - 2014-08-06 14:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) 
C:\Windows\system32\uxtuneup.dll 2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-07-17 12:21 - 2014-07-17 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 08:00 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser 2014-08-16 07:59 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-16 07:50 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype 2014-08-16 07:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job 2014-08-16 07:20 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-16 07:20 - 2010-12-13 09:54 - 01049201 _____ () C:\Windows\WindowsUpdate.log 2014-08-16 07:19 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 07:19 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-16 01:09 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-15 14:07 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps 2014-08-15 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:52 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox 2014-08-14 21:50 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox 2014-08-14 21:45 - 2010-07-07 20:31 - 01105862 _____ () C:\Windows\PFRO.log 2014-08-14 21:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-08-14 21:45 - 2009-07-14 06:39 - 00193764 _____ () C:\Windows\setupact.log 2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata 2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-14 13:31 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla 2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log 2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-08-09 23:18 - 
2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 14:02 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 14:02 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-06 14:02 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 22:24 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-04 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () 
C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-07-18 22:10 - 2012-07-19 18:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\HpUpdate 2014-07-17 12:22 - 2014-07-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus 2014-07-17 12:22 - 2010-12-18 15:34 - 00000000 ____D () C:\ProgramData\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared 2014-07-17 12:19 - 2013-09-30 10:01 - 00000000 _____ () C:\END 2014-07-17 11:13 - 2009-07-14 06:33 - 00595720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-17 10:23 - 2010-12-13 11:40 - 00175904 _____ () C:\Users\Juergen\AppData\Local\GDIPFONTCACHEV1.DAT Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemtbt9.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll
C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tester\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 07:35

==================== End Of Log ============================

--- --- ---

Hi schrauber,

I already attached Addition.txt the first time. It is above again now. I don't know why you are writing to me that it is missing? I did not get any other files. I am attaching them here again:

-------------------------
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014
Ran by Juergen (administrator) on JUERGEN-PC on 16-08-2014 07:58:39
Running from C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(brother Industries Ltd) C:\Windows\System32\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(FlashPeak Inc.) C:\Program Files\SlimBrowser\sbframe.exe
(FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z\FRST[1].exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll => c:\progra~1\browse~1\sprote~1.dll File Not Found IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Google custom HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Search - Google custom HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search - Google custom HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=206 BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\winamp-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla 
firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-06] FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24] FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18] FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23] FF Extension: Print / Print Preview (Update) - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28] FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23] FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23] FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17] FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14] FF Extension: Empty Cache Button - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013-02-23] FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13] FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14] FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16] FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05] FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05] FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31] FF Extension: Tab Mix Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20] FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program 
Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17] FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Hide My Ass! 
Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30] CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28] CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06] CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03] CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06] CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26] CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03] CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Juergen\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - 
C:\Users\Juergen\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed] R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed] S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed] S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 StumbleUponUpdater; C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed] S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed] R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.) S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH) R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin) S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed] S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.) 
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] () R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH) S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.) S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.) S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.) U3 ar5tfnth; C:\Windows\system32\Drivers\ar5tfnth.sys [0 ] (Microsoft Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.) 
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-14 14:16 - 2014-08-16 07:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-06 13:48 - 2014-08-06 14:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) 
C:\Windows\system32\uxtuneup.dll 2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-07-17 12:21 - 2014-07-17 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 08:00 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser 2014-08-16 07:59 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-16 07:50 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype 2014-08-16 07:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job 2014-08-16 07:20 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-16 07:20 - 2010-12-13 09:54 - 01049201 _____ () C:\Windows\WindowsUpdate.log 2014-08-16 07:19 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 07:19 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-16 01:09 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-15 14:07 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps 2014-08-15 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:52 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox 2014-08-14 21:50 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox 2014-08-14 21:45 - 2010-07-07 20:31 - 01105862 _____ () C:\Windows\PFRO.log 2014-08-14 21:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-08-14 21:45 - 2009-07-14 06:39 - 00193764 _____ () C:\Windows\setupact.log 2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata 2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-14 13:31 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla 2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log 2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-08-09 23:18 - 
2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 14:02 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 14:02 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-06 14:02 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 22:24 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-04 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () 
C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-07-18 22:10 - 2012-07-19 18:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\HpUpdate 2014-07-17 12:22 - 2014-07-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus 2014-07-17 12:22 - 2010-12-18 15:34 - 00000000 ____D () C:\ProgramData\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared 2014-07-17 12:19 - 2013-09-30 10:01 - 00000000 _____ () C:\END 2014-07-17 11:13 - 2009-07-14 06:33 - 00595720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-17 10:23 - 2010-12-13 11:40 - 00175904 _____ () C:\Users\Juergen\AppData\Local\GDIPFONTCACHEV1.DAT Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemtbt9.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll
C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tester\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 07:35

==================== End Of Log ============================
--- --- --- |
17.08.2014, 13:38 | #4 |
| PUP.Optional.Delta.A Windows 7 Hi schrauber, I already attached Addition.txt the first time. Now it is above once more. I don't know why you are writing to me that it is missing? I did not get any other files. I am attaching them here again: ------------------------- FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014 Ran by Juergen (administrator) on JUERGEN-PC on 16-08-2014 07:58:39 Running from C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (brother Industries Ltd) C:\Windows\System32\brsvc01a.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (SafeNet Inc.) 
C:\Windows\System32\hasplms.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\sbframe.exe (FlashPeak Inc.) 
C:\Program Files\SlimBrowser\SBRender.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLXBLA3Z\FRST[1].exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll => c:\progra~1\browse~1\sprote~1.dll File Not Found IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Google custom HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Search - Google custom HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search - Google custom HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=206 BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\winamp-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla 
firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-06] FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24] FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18] FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23] FF Extension: Print / Print Preview (Update) - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28] FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23] FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23] FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17] FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14] FF Extension: Empty Cache Button - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013-02-23] FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13] FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14] FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16] FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05] FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05] FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31] FF Extension: Tab Mix Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20] FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program 
Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17] FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Hide My Ass! 
Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30] CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28] CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06] CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03] CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06] CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26] CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03] CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Juergen\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - 
C:\Users\Juergen\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed] R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed] S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed] S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 StumbleUponUpdater; C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed] S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed] R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.) S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH) R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin) S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed] S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.) 
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] () R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH) S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.) S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.) S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.) U3 ar5tfnth; C:\Windows\system32\Drivers\ar5tfnth.sys [0 ] (Microsoft Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.) 
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-14 14:16 - 2014-08-16 07:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-06 13:48 - 2014-08-06 14:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) 
C:\Windows\system32\uxtuneup.dll 2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-07-17 12:21 - 2014-07-17 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 08:00 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser 2014-08-16 07:59 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job 2014-08-16 07:58 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-16 07:50 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype 2014-08-16 07:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job 2014-08-16 07:20 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-16 07:20 - 2010-12-13 09:54 - 01049201 _____ () C:\Windows\WindowsUpdate.log 2014-08-16 07:19 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 07:19 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-16 01:09 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-15 14:07 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps 2014-08-15 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:52 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox 2014-08-14 21:50 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox 2014-08-14 21:45 - 2010-07-07 20:31 - 01105862 _____ () C:\Windows\PFRO.log 2014-08-14 21:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-08-14 21:45 - 2009-07-14 06:39 - 00193764 _____ () C:\Windows\setupact.log 2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata 2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-14 13:31 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla 2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log 2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-08-09 23:18 - 
2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 14:02 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 14:02 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-06 14:02 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 22:24 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-04 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () 
C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-07-18 22:10 - 2012-07-19 18:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\HpUpdate 2014-07-17 12:22 - 2014-07-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus 2014-07-17 12:22 - 2010-12-18 15:34 - 00000000 ____D () C:\ProgramData\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\DivX 2014-07-17 12:21 - 2010-12-18 15:36 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared 2014-07-17 12:19 - 2013-09-30 10:01 - 00000000 _____ () C:\END 2014-07-17 11:13 - 2009-07-14 06:33 - 00595720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-17 10:23 - 2010-12-13 11:40 - 00175904 _____ () C:\Users\Juergen\AppData\Local\GDIPFONTCACHEV1.DAT Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemtbt9.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe C:\Users\Tester\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 07:35 ==================== End Of Log ============================ |
18.08.2014, 04:55 | #5 |
/// the machine /// TB-Ausbilder | PUP.Optional.Delta.A Windows 7 You have now posted FRST.txt 5 times. Addition.txt is still missing. And you are running FRST from the Temp folder. Do NOT click on the download and choose Run! Save it, to the desktop!
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
18.08.2014, 09:42 | #6 |
| PUP.Optional.Delta.A Windows 7 Two editor windows opened for me. One is titled FRST.txt and the other Addition.txt. I posted both files here. I did not know that Addition.txt is supposed to contain the same thing as FRST.txt. I was also wondering where the files are. They are not on the desktop. I'll do it again from the desktop.
Hi, I have now done it again: saved FRST.exe to the desktop, then ran it and pressed Scan. Right at the start it already saved a file called FRST.txt. When the scan finishes, an editor window opens showing me FRST.exe. There is NO Addition.txt on the desktop, not even after another scan.
--------------------------
Then I deleted everything again and downloaded it again AND ADDITIONALLY ticked the box at Option-Scan / Addition.txt. Now I have 2 different files, which however deviates from the instructions.
---------------------------
When I press the #, Script Error! appears in the status bar.
---------------------------
Here are both files again
---------------------------
FRST.txt
---------------------------
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01 Ran by Juergen (administrator) on JUERGEN-PC on 18-08-2014 10:36:16 Running from C:\Users\Juergen\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (brother Industries Ltd) C:\Windows\System32\brsvc01a.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WisLMSvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\sbframe.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - 
F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll => 
c:\progra~1\browse~1\sprote~1.dll File Not Found IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.minilua.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=206 BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\winamp-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla 
firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-06] FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24] FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18] FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23] FF Extension: Print / Print Preview (Update) - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28] FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23] FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23] FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17] FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14] FF Extension: Empty Cache Button - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013-02-23] FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13] FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14] FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16] FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05] FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05] FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31] FF Extension: Tab Mix Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20] FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program 
Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17] FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Hide My Ass! 
Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30] CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28] CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06] CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03] CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06] CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26] CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03] CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Juergen\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - 
C:\Users\Juergen\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed] R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed] S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed] S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 StumbleUponUpdater; C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed] S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) 
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.)
S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH)
R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] () R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH) S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.) S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.) S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.) U3 ar5tfnth; C:\Windows\system32\Drivers\ar5tfnth.sys [0 ] (Microsoft Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.) 
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-18 10:36 - 2014-08-18 10:36 - 00037736 _____ () C:\Users\Juergen\Desktop\FRST.txt 2014-08-18 10:36 - 2014-08-18 10:36 - 00037736 _____ () C:\Users\Juergen\Desktop\FRST - Kopie.txt 2014-08-18 10:35 - 2014-08-18 10:35 - 01093632 _____ (Farbar) C:\Users\Juergen\Desktop\FRST.exe 2014-08-17 14:30 - 2014-08-17 14:30 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Tools&More 2014-08-16 07:58 - 2014-08-18 10:36 - 00000000 ____D () C:\FRST 2014-08-14 14:16 - 2014-08-18 08:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-06 13:48 - 2014-08-06 14:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:40 - 2014-08-04 
22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () 
C:\Users\Juergen\Desktop\Awasser 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll 2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-18 10:36 - 2014-08-18 10:36 - 00037736 _____ () C:\Users\Juergen\Desktop\FRST.txt 2014-08-18 10:36 - 2014-08-18 10:36 - 00037736 _____ () C:\Users\Juergen\Desktop\FRST - Kopie.txt 2014-08-18 10:36 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-18 10:35 - 2014-08-18 10:35 - 01093632 _____ (Farbar) C:\Users\Juergen\Desktop\FRST.exe 2014-08-18 10:35 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser 2014-08-18 10:14 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype 2014-08-18 10:09 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-18 10:05 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-18 10:00 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job 2014-08-18 09:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job 2014-08-18 08:32 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-18 01:09 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-17 23:46 - 2010-12-13 09:54 - 01050129 _____ () C:\Windows\WindowsUpdate.log 2014-08-17 14:30 - 2014-08-17 14:30 - 
00000000 ____D () C:\Users\Juergen\AppData\Local\Tools&More 2014-08-17 14:30 - 2011-06-29 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5CentSMS 2014-08-17 14:30 - 2011-06-29 22:02 - 00000000 ____D () C:\Program Files\5CentSMS 2014-08-17 14:28 - 2011-05-21 11:24 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-08-17 13:54 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job 2014-08-15 14:07 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:55 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:52 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox 2014-08-14 21:50 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox 2014-08-14 21:45 - 2010-07-07 20:31 - 01105862 _____ () C:\Windows\PFRO.log 2014-08-14 21:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-08-14 21:45 - 2009-07-14 06:39 - 00193764 _____ () C:\Windows\setupact.log 2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata 2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 
____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-14 13:31 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla 2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log 2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 14:02 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 14:02 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-06 14:02 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 
00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 22:24 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-04 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () 
C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemtbt9.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe C:\Users\Tester\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 00:50

==================== End Of Log ============================
--- --- ---

------------------------------
Here is the Addition.txt
------------------------------
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2014 01
Ran by Juergen at 2014-08-18 10:37:08
Running from C:\Users\Juergen\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4Videosoft iPhone Transfer Platinum 7.0.08 (HKLM\...\{E16D939E-1E8B-44ca-A57A-9A8768BFAA0E}_is1) (Version: 7.0.08 - 4Videosoft Studio)
5600 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5CentSMS (HKLM\...\{5BD01142-5F93-4B00-AFC0-C00EC58C2294}) (Version: 3.02.0000 - Wirth IT-Design)
5CentSMS (HKLM\...\{90141793-E338-4EEB-B7E8-8CDED19D908D}) (Version: 2.01.0200 - Wolfgang Wirth IT-Design)
Adobe After Effects 7.0 (HKLM\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.)
Adobe After Effects 7.0 (Version: 7.0.0.244 - Adobe Systems, Inc.)
Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe Audition 3.0 (Version: 3.0 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (Version: 1.0.1.1 - Adobe Systems) Hidden Adobe Common File Installer (Version: 1.00.002 - Adobe System Incorporated) Hidden Adobe ConnectNow Add-in (HKCU\...\Adobe ConnectNow Add-in) (Version: - ) Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe ExtendScript Toolkit 1.0 (Version: 001.000.002 - Adobe Systems) Hidden Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden Adobe Illustrator CS2 (Version: 12.000.000 - Adobe Systems Inc.) Hidden Adobe InDesign CS2 (Version: 004.000.000 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Premiere Pro 2.0 (HKLM\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.) Adobe Premiere Pro 2.0 (Version: 2.000.000 - Adobe Systems, Inc.) Hidden Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden Adobe Stock Photos 1.0 (Version: 1.0.2 - Adobe Systems) Hidden Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) Adobe Version Cue CS2 (Version: 2.0 - Adobe Systems, Inc.) 
Hidden Affiliate Rewarder (HKLM\...\affrewa) (Version: 1.91 - UNKNOWN) Affiliate Rewarder (Version: 1.91 - UNKNOWN) Hidden AIO_CDB_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden Android Skin Pack 1.0-X86 (HKLM\...\Android Skin Pack) (Version: 1.0-X86 - Publisher) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Artisteer 4 (HKLM\...\Artisteer 4) (Version: 4.0 - Extensoft) Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG) Ashampoo Photo Commander (HKLM\...\Ashampoo Photo Commander_is1) (Version: 8.3.2 - ashampoo GmbH & Co. KG) Ashampoo Photo Optimizer (HKLM\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG) Ashampoo Snap (HKLM\...\Ashampoo Snap_is1) (Version: 3.4.1 - ashampoo GmbH & Co. KG) Assistant 5.05.010 (HKLM\...\Assistant) (Version: 5.5.10.0 - Medion) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) Avi2Dvd 0.6.4 (HKLM\...\Avi2Dvd) (Version: 0.6.4 - TrustFm) Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.0.8179 - ) Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) AviSynth 2.5 (HKLM\...\AviSynth) (Version: - ) Billard (HKLM\...\{7A92A322-1A10-4153-B551-D547AA9B4649}) (Version: 1.0 - media Verlagsgesellschaft mbH) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden calibre (HKLM\...\{1752D07B-9BEB-414F-9B51-AA529101F0E5}) (Version: 0.9.12 - Kovid Goyal) CamStudio (HKLM\...\CamStudio) (Version: - ) Camtasia Studio 7 (HKLM\...\{DE042823-C359-4B87-B66B-308057E8B6AF}) (Version: 7.0.1 - TechSmith Corporation) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Classic Shell (HKLM\...\{9032D87D-23E8-4FA1-8422-C11747A4FA23}) (Version: 3.1.0 - IvoSoft) Conference Recording Service (HKLM\...\{B293F0E6-10B7-45FD-BACF-18826515C246}_is1) (Version: - GVO, Inc.) 
Convert AVI to MP4 1.3 (HKLM\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version: - convertavitomp3.com) Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden CoreAAC Audio Decoder (remove only) (HKLM\...\CoreAAC Audio Decoder) (Version: - ) CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation) CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation) CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden Cover Commander 3.1.3 by Insofta Development (HKLM\...\Cover Commander) (Version: 3.1.3 - Insofta Development) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.) CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) 
Hidden CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.) CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021a - CyberLink Corp.) CyberLink MediaShow Espresso (Version: 5.5.1412_24021a - CyberLink Corp.) Hidden CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3101 - CyberLink Corp.) CyberLink PowerDirector (Version: 8.0.3101 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.) CyberLink PowerDVD 9 (Version: 9.0.2925.52 - CyberLink Corp.) Hidden CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.) CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.) CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden Dell-Druckersoftware (HKLM\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.) 
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC) Domain Samurai (HKLM\...\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.2.81 - Alliance Software Pty Ltd) Domain Samurai (Version: 0.2.81 - Alliance Software Pty Ltd) Hidden DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.30 - Runtime Software) Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.) Easy DeskShare V.3.3 (HKLM\...\Easy DeskShare_is1) (Version: - Talk Fusion) Easy eCover Creator (HKLM\...\{6B50BCF4-9C47-422D-91AA-B2A4C9DE4A3D}_is1) (Version: - ) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) EPS PostScript PDF 2 JPG & Co 1 (HKLM\...\EPS PostScript PDF 2 JPG & Co 1) (Version: - ) Ezvid (HKLM\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0.9.2.0 - Ezvid, inc.) Fast Image-Map 2.2.1 (HKLM\...\FastImageMap_is1) (Version: 2.2.1.0 - Martin Hentschel (CL-Soft)) Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden ffdshow [rev 3299] [2010-03-03] (HKLM\...\ffdshow_is1) (Version: 1.0.0.3299 - ) FileZilla Client 3.9.0.3 (HKLM\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse) FileZilla Server (HKLM\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project) Findet Nemo (HKLM\...\InstallShield_{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}) (Version: 1.00.0000 - THQ) Findet Nemo (Version: 1.00.0000 - THQ) Hidden Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) FlashPeak SlimBrowser (HKLM\...\SlimBrowser) (Version: 7.00.103 - FlashPeak Inc.) 
FlatOut2 (HKLM\...\{7E641E46-81DB-4D1D-906A-48342523051C}) (Version: 1.00.0000 - Ihr Firmenname) Free FLV to iPhone Converter (HKLM\...\Free FLV to iPhone Converter_is1) (Version: - ) Free Studio version 5.7.6.1015 (HKLM\...\Free Studio_is1) (Version: 5.7.6.1015 - DVDVideoSoft Ltd.) Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.) Free YouTube to MP3 Converter version 3.9.40.602 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.) FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - ) GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) GIMPshop 2.2.8 (HKLM\...\GIMPshop) (Version: 2.2.8 - The GIMP team (hack by Scott Moschella)) Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden GoToMeeting 6.4.0.1558 (HKCU\...\GoToMeeting) (Version: 6.4.0.1558 - CitrixOnline) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - ) HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - ) HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{8D7507C3-DF2B-4740-8700-8227C2C7AE81}) (Version: 25.0.571.0 - Hewlett-Packard Co.) HP Deskjet 3070 B611 series Hilfe (HKLM\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard) HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{23808E88-87BA-4BF0-8C8F-DC7D9DB40359}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) 
HP ENVY 4500 series Hilfe (HKLM\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard) HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.11352 - HP Photo Creations) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden Inkscape 0.48.2 (HKLM\...\Inkscape) (Version: 0.48.2 - ) InstantArticleWizard (HKLM\...\InstantArticleWizard) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2141 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan) ISDN CAPI Port (HKLM\...\AVM ISDN CAPI Port) (Version: - ) iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.) 
jAlbum (HKLM\...\{4D067FE4-F477-437A-BB66-F013721E9EB4}) (Version: 9.6.1 - Jalbum AB) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden KEmulator 0.9.8 (HKLM\...\KEmulator 0.9.8) (Version: - ) K-Lite Mega Codec Pack 7.1.9 (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.9 - ) Kwyshell MidpX Emulator Package 1.3.1 (HKLM\...\Kwyshell MidpX Emulator Package) (Version: 1.3.1 - G.Corp) Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.) Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.0.3.0 - Lightworks) Logitech Gaming Software 5.01 (HKLM\...\{C5961323-A2E5-4FAB-B92D-DBF6C282F0F5}) (Version: 5.01.256 - Logitech) MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{2E01C311-3ED2-42CF-B1E9-9A36D4B9E26B}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2013 Plus (HKLM\...\MAGIX_{258D56DE-24F2-479E-BED2-8103CB0B9D58}) (Version: 12.0.0.32 - MAGIX AG) MAGIX Video deluxe 2013 Plus (Version: 12.0.0.32 - MAGIX AG) Hidden MailNavigator (HKLM\...\MailNavigator) (Version: 1.14 - GEO Ltd) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Market Samurai (HKLM\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.87.70 - Alliance Software Pty Ltd) Market Samurai (Version: 0.87.70 - Alliance Software Pty Ltd) Hidden Mass Video Blaster (HKLM\...\Mass Video Blaster) (Version: 2.32 - Vlad M.) 
Medion GoPal Assistant 4.03.006 (HKLM\...\Medion GoPal Assistant) (Version: 4.3.6.0 - Medion) Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.) Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Search Enhancement Pack (Version: 3.0.127.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) 
(Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden Mindjet (HKLM\...\{6D1AFA44-6E87-41F5-B7D4-4C457A98A3A3}) (Version: 11.1.353 - Mindjet) MiniTool Partition Wizard Home Edition 7.5 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Miranda IM 0.10.12 (HKLM\...\Miranda IM) (Version: 0.10.12 - Miranda IM Project) Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.030.01.26.75 - Huawei Technologies Co.,Ltd) Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) Mozilla Thunderbird 17.0.7 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.7 (x86 de)) (Version: 17.0.7 - Mozilla) MPC-HC 1.6.5.6366 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.5.6366 - MPC-HC Team) MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser 
(HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger) Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden Newsoft H264 Decoder (HKLM\...\{C26ED93F-A16E-4FC9-B158-A1D5CC604949}) (Version: 1.04.01 - NewSoft) Nokia Configuration Tool (HKLM\...\Nokia Configuration Tool 6.3) (Version: Nokia Configuration Tool - Nokia) Nokia Configuration Tool 6.3 (Version: 6.3.0.0 - Nokia) Hidden Nokia Connectivity Cable Driver (HKLM\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia) Nokia Software Updater 3 (HKLM\...\{F7848E67-E66A-40CB-887B-5BB56AB4C3F6}) (Version: 3.0.223 - Nokia) Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.3.89.0 - Nokia) Nokia Suite (Version: 3.3.89.0 - Nokia) Hidden Notepad++ (HKLM\...\Notepad++) (Version: 5.8.5 - ) Nvu 1.0 (HKLM\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz) OGG to MP3 Converter 1.2 (HKLM\...\{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1) (Version: - www.oggtomp3converter.com) OJOsoft Total Video Converter (HKLM\...\OJOsoft Total Video Converter_is1) (Version: 2.7.5.0412 - OJOsoft) OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF4819}) (Version: 4.0.3 - dotPDN LLC) PC Connectivity Solution (HKLM\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia) PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.) 
Picture Collage Maker Pro 4.0.1 (HKLM\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.0.1 - PearlMountain Technology Co., Ltd) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poedit (HKLM\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.5.4 - Vaclav Slavik) PST Walker 5.10 (HKLM\...\PST Walker_is1) (Version: - PST Walker Software) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association) Setup1 (HKLM\...\{F6C80B93-EDC2-4D26-AB46-8F5624E70BAE}) (Version: 1.0.0 - Microsoft) Shape Collage (HKLM\...\ShapeCollage) (Version: - Shape Collage Inc.) Sigil 0.6.2 (HKLM\...\Sigil_is1) (Version: - John Schember) Sjboy Beta4 (HKLM\...\Sjboy_is1) (Version: - www.sjboy.cn) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden SMPlayer 0.6.9 (HKLM\...\SMPlayer) (Version: 0.6.9 - RVM) SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden Stellarium 0.11.0 (HKLM\...\Stellarium_is1) (Version: - ) Stop Money Worries (HKLM\...\{230CA1A5-F954-4B05-B746-3AEE5B3F5462}) (Version: 1.02 - Simplicity Programming) Streamripper (Remove only) (HKLM\...\Streamripper) (Version: - ) Studie zur Verbesserung von HP ENVY 4500 series (HKLM\...\{5C3EB7C3-F5CC-479E-A082-B30B950C0AC4}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (HKLM\...\{8F311E72-C27F-4DF0-8254-B739A1831668}_is1) (Version: v2012.build.53 - eRightSoft) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) TheBrain 7 (HKLM\...\1190-3857-8766-9166) (Version: 7.0.4.5 - TheBrain Technologies) TipCam 2.5 Beta (HKLM\...\TipCam) (Version: 2.5 Beta - UTIPU, Inc.) 
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden Total Immersion D'Fusion @Home Web Plug-In (HKLM\...\D'Fusion @Home Web Plug-In) (Version: - Total Immersion) trakAxPC (HKLM\...\{CAB81583-0310-43E1-8E33-0864985EDD67}) (Version: 3.01.1 - HighAndes) TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden Tube Rankster (HKLM\...\{04B1E6A2-F860-471B-AC84-C04725B5825E}) (Version: 2.0.0 - video Shadow) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden tViewer (HKLM\...\{17F689FE-B0CA-4F22-BED2-9756EFC4A1DC}) (Version: 1.0 - NTSoftwares) UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Video Niche Dominator v1.17 (HKLM\...\Video Niche Dominator_is1) (Version: - ) Video Shadow (HKLM\...\{44A31720-8DC7-478C-9737-1054A698434B}) (Version: 2.1.4 - Video Shadow) Viral Submitter Pro (HKLM\...\Viral.Submitter.Pro) (Version: 1.0.1 - Viper Consulting, LLC) Viral Submitter Pro (Version: 1.0.1 - Viper Consulting, LLC) Hidden Viral Toolbar Builder (HKLM\...\Viral Toolbar Builder_is1) (Version: - ) VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN) VoiceBo (HKLM\...\VoiceBo) (Version: 0.9.14 - UNKNOWN) VoiceBo (Version: 0.9.14 - UNKNOWN) Hidden Wav2MP3 Wizard v3.2 (Build 354) (HKLM\...\Wav2MP3 Wizard_is1) (Version: 3.2.354 - Discovery Open-Source Development Group) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Winamp (HKLM\...\Winamp) (Version: 5.623 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live 
Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia) WinHTTrack Website Copier 3.44-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.44.1 - HTTrack) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WinX Free DVD to FLV Ripper 4.3.13 (HKLM\...\WinX Free DVD to FLV Ripper_is1) (Version: - Digiarty Software,Inc.) WinX Free WMV to MP4 Converter 2.0.7 (HKLM\...\WinX Free WMV to MP4 Converter_is1) (Version: - Digiarty Software,Inc.) WinZip (HKLM\...\WinZip) (Version: 8.1 SR-1 (5266g) - WinZip Computing, Inc.) 
Wondershare Data Recovery(Build 4.6.1.3) (HKLM\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.6.1.3 - Wondershare Software Co.,Ltd.)
Wondershare Dr.Fone für iOS(Build 3.5.0.25) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 3.5.0.25 - Wondershare Software Co.,Ltd.)
WOW Slider (HKLM\...\WOW Slider) (Version: - )
XAMPP 1.8.1 (HKLM\...\xampp) (Version: - )
XMind 2012 (v3.3.1) (HKLM\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_DE_is1) (Version: 15.0.1.5 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

04-08-2014 19:51:23 paint.net v4.0.3
04-08-2014 20:38:26 Installed Java 7 Update 67
14-08-2014 19:22:15 Geplanter Prüfpunkt
17-08-2014 12:29:00 5CentSMS wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03047D74-C667-44DB-92DD-BD2E81F0EE10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0D5ED7E1-C0CF-4939-9478-2FE5FE615760} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {1BD21F84-4A92-4229-88F7-25B288E736E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30] (Google Inc.)
Task: {21AE62E0-8482-43FF-B178-4D0CC4FA1784} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08] (Adobe Systems Incorporated)
Task: {22E2D6F4-1D6E-442B-AA72-124661383C6F} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {2FE9ED40-A9E3-4988-B673-F3034B7CE7F6} - System32\Tasks\{15D4C030-218D-437E-BE0C-04D5B5ADBCE5} => C:\Program Files\Handbrake\Handbrake.exe [2013-05-30] (HandBrake)
Task: {5CDEB712-C834-4702-90FD-8C00DC8E2918} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30] (Google Inc.)
Task: {65395C5F-21CC-48E3-A631-11C4F225FFDF} - System32\Tasks\{41501BA6-F18C-4C47-8371-E125D89EE17F} => C:\Program Files\Eumex 400\Eumex400.exe
Task: {67992341-37AF-44E6-BF4E-A601A0EAA275} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-13] (Google Inc.)
Task: {690EAAC6-09C2-4B7A-A9AD-F4E0DC656D2B} - System32\Tasks\Google Updater and Installer => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30] (Google Inc.)
Task: {76584874-5CFD-4C4D-87E2-E40DD8E78751} - System32\Tasks\{57F7835F-F1F8-492D-AA02-FFD5F18BEA2B} => C:\Eumex400\Konfig\V1.03.01\Setup.exe
Task: {8AE5569D-CB36-4A63-85DA-9E82F5248DE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-13] (Google Inc.)
Task: {CA795972-B87D-4D03-A4EB-AC43A92D7DF1} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-03-14] ()
Task: {CAEDB59F-CC5F-4D74-91C0-1B1F30757B60} - System32\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000 => C:\Users\Juergen\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe [2014-08-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CF1757AC-8742-4E3C-86B4-274476AF76A4} - System32\Tasks\{B4D9143E-56FC-4708-A1FF-CCF4C15A93B1} => C:\Program Files\Eumex 400\Eumex400.exe
Task: {E0511C02-1298-4CD6-9A56-9C34DE1E4939} - System32\Tasks\{FCAF3FCF-07E6-452F-B01A-C16F1B9F6484} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {E26D82E4-C0C8-47C9-89A2-FAD718231193} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {FFE0339D-091A-475E-ABB4-9A75CFEB4D30} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job => C:\Users\Juergen\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2010-12-22 08:03 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2011-08-19 17:44 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2005-04-06 16:52 - 2005-04-06 16:52 - 00028791 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00057453 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00102515 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00053364 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00057455 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00032880 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00434255 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 01019904 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 03502080 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2014-08-13 16:09 - 2014-08-13 16:09 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2010-10-06 02:38 - 2010-02-10 12:34 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2011-06-08 23:49 - 2011-06-08 23:49 - 01929576 _____ () C:\Windows\system32\HPScanTRDrv_DJ3070_B611.dll
2011-11-22 10:59 - 2011-11-22 10:59 - 00018432 _____ () C:\Users\Juergen\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-03-09 13:11 - 2014-03-09 13:11 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-10-06 01:37 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-08-06 13:48 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Juergen\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2011-06-29 19:59 - 2011-03-31 10:45 - 00061440 _____ () C:\Windows\system32\easyDeskShare.ax
2014-08-14 21:50 - 2014-08-14 21:50 - 00043008 _____ () c:\users\juergen\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemtbt9.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Juergen\AppData\Roaming\Dropbox\bin\libcef.dll
2012-05-17 06:26 - 2012-05-17 06:26 - 00088496 _____ () C:\Program Files\SlimBrowser\easyhook32.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Juergen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skype.lnk => C:\Windows\pss\Skype.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Classic Start Menu => C:\Program Files\Classic Shell\ClassicStartMenu.exe MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe MSCONFIG\startupreg: Google Update => "C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: HP Deskjet 3070 B611 series (NET) => "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN23C6C0S005MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1 MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: 
KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: MMReminderService => C:\Program Files\Mindjet\MindManager 11\MMReminderService.exe MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray MSCONFIG\startupreg: NSU_agent => "C:\Program Files\Nokia\Nokia Software Updater 3\nsu3ui_agent.exe" MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RockMelt Update => "C:\Users\Juergen\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui MSCONFIG\startupreg: updateMgr => "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_0 -reboot 1 MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe ==================== Faulty Device Manager Devices ============= Name: Deskjet 3070 B611 series Description: Deskjet 3070 B611 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (08/18/2014 00:16:05 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/17/2014 02:47:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm mbam.exe, Version 1.0.0.532 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c34 Startzeit: 01cfb7f8663c3968 Endzeit: 222 Anwendungspfad: C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe Berichts-ID: 9122112d-260c-11e4-af87-404e57434404 Error: (08/17/2014 09:08:53 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9969 Error: (08/17/2014 09:08:53 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9969 Error: (08/17/2014 09:08:53 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/17/2014 07:58:18 AM) (Source: MsiInstaller) (EventID: 1024) (User: Juergen-PC) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. 
Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (08/17/2014 00:38:14 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/16/2014 09:27:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8877 Error: (08/16/2014 09:27:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8877 Error: (08/16/2014 09:27:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (08/14/2014 09:46:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: archlp Error: (08/14/2014 09:46:06 PM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! Error: (08/14/2014 09:46:03 PM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! Error: (08/14/2014 09:45:20 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber archlp.sys konnte nicht geladen werden. 
Error: (08/14/2014 09:22:12 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {8086EBD4-43E3-4B19-BEB3-F0EA4ECF319C} Error: (08/14/2014 08:34:29 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A} Error: (08/14/2014 05:15:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: archlp Error: (08/14/2014 05:14:42 PM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! Error: (08/14/2014 05:13:59 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber archlp.sys konnte nicht geladen werden. Error: (08/14/2014 02:34:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: archlp Microsoft Office Sessions: ========================= Error: (08/18/2014 00:16:05 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP ENVY 4500 series\DriverStore\Yeti\V3\amd64\hpinkinsC511.exe Error: (08/17/2014 02:47:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: mbam.exe1.0.0.532c3401cfb7f8663c3968222C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe9122112d-260c-11e4-af87-404e57434404 Error: (08/17/2014 09:08:53 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9969 Error: (08/17/2014 09:08:53 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9969 Error: (08/17/2014 09:08:53 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/17/2014 07:58:18 AM) (Source: 
MsiInstaller) (EventID: 1024) (User: Juergen-PC) Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL) Error: (08/17/2014 00:38:14 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP ENVY 4500 series\DriverStore\Yeti\V3\amd64\hpinkinsC511.exe Error: (08/16/2014 09:27:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8877 Error: (08/16/2014 09:27:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8877 Error: (08/16/2014 09:27:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz Percentage of memory in use: 58% Total physical RAM: 3510.61 MB Available physical RAM: 1465.78 MB Total Pagefile: 7019.5 MB Available Pagefile: 3899.71 MB Total Virtual: 2047.88 MB Available Virtual: 1906.58 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:415.13 GB) (Free:30.55 GB) NTFS Drive d: (Recover) (Fixed) (Total:49.53 GB) (Free:5.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 7A2D7A2D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=415.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=49.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1022 MB) - (Type=12) ==================== End Of Log ============================ |
19.08.2014, 04:35 | #7 |
/// the machine /// TB-Ausbilder | PUP.Optional.Delta.A Windows 7 Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
19.08.2014, 21:10 | #8 |
| PUP.Optional.Delta.A Windows 7 Evening ;-) AdwCleaner logfile: Code:
ATTFilter # AdwCleaner v3.307 - Bericht erstellt am 19/08/2014 um 21:43:43 # Aktualisiert 17/08/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : Juergen - JUERGEN-PC # Gestartet von : C:\Users\Juergen\Desktop\adwcleaner_3.307.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : StumbleUponUpdater [#] Dienst Gelöscht : KMService ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\ProgramData\SoftSafe Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\ProgramData\Bryowwsee2ssave Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo Ordner Gelöscht : C:\Users\Juergen\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Juergen\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Juergen\AppData\LocalLow\StumbleUpon Ordner Gelöscht : C:\Users\Juergen\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Juergen\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Juergen\AppData\Roaming\NCdownloader Ordner Gelöscht : C:\Users\Juergen\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Juergen\Documents\Updater Ordner Gelöscht : C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} Datei Gelöscht : C:\END Datei Gelöscht : C:\Windows\system32\roboot.exe Datei Gelöscht : C:\Windows\system32\srvany.exe Datei Gelöscht : C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\bProtector_extensions.rdf Datei Gelöscht : C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\invalidprefs.js Datei Gelöscht : C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\11-suche.xml Datei Gelöscht : 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\winamp-search.xml Datei Gelöscht : C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\user.js Datei Gelöscht : C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage Datei Gelöscht : C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage-journal ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Jing] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKCU\Software\BABSOLUTION Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StumbleUpon Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\StumbleUpon Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\browse~1\sprote~1.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v30.0 (de) [ Datei : C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\prefs.js ] Zeile gelöscht : user_pref("CT2720081.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Zeile gelöscht : user_pref("CT2720081.CTID", "CT2720081"); Zeile gelöscht : user_pref("CT2720081.CurrentServerDate", "5-2-2011"); Zeile gelöscht : user_pref("CT2720081.DialogsAlignMode", "LTR"); Zeile gelöscht : user_pref("CT2720081.DownloadReferralCookieData", ""); Zeile gelöscht : user_pref("CT2720081.EMailNotifierPollDate", "Sat Feb 05 2011 21:23:45 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.FeedLastCount129248891425073064", 80); Zeile gelöscht : user_pref("CT2720081.FeedPollDate129225116238185771", "Sat Feb 05 2011 21:23:45 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.FeedPollDate129225147492879732", "Sat Feb 05 2011 21:23:46 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.FeedPollDate129245643951202078", "Sat Feb 05 2011 21:23:47 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.FeedPollDate129245643951202084", "Sat Feb 05 2011 21:23:45 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.FeedTTL129225116238185771", 40); Zeile gelöscht : user_pref("CT2720081.FeedTTL129225147492879732", 40); Zeile gelöscht : user_pref("CT2720081.FeedTTL129245643951202078", 40); Zeile gelöscht : user_pref("CT2720081.FeedTTL129245643951202084", 40); Zeile gelöscht : user_pref("CT2720081.FirstServerDate", "5-2-2011"); Zeile gelöscht : user_pref("CT2720081.FirstTime", true); Zeile gelöscht : 
user_pref("CT2720081.FirstTimeFF3", true); Zeile gelöscht : user_pref("CT2720081.FirstTimeSettingsDone", true); Zeile gelöscht : user_pref("CT2720081.FixPageNotFoundErrors", true); Zeile gelöscht : user_pref("CT2720081.GroupingServerCheckInterval", 1440); Zeile gelöscht : user_pref("CT2720081.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Zeile gelöscht : user_pref("CT2720081.Initialize", true); Zeile gelöscht : user_pref("CT2720081.InitializeCommonPrefs", true); Zeile gelöscht : user_pref("CT2720081.InstallationAndCookieDataSentCount", 1); Zeile gelöscht : user_pref("CT2720081.InstallationType", "UnknownIntegration"); Zeile gelöscht : user_pref("CT2720081.InstalledDate", "Sat Feb 05 2011 21:23:45 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.InvalidateCache", false); Zeile gelöscht : user_pref("CT2720081.IsGrouping", false); Zeile gelöscht : user_pref("CT2720081.IsMulticommunity", false); Zeile gelöscht : user_pref("CT2720081.IsOpenThankYouPage", false); Zeile gelöscht : user_pref("CT2720081.IsOpenUninstallPage", true); Zeile gelöscht : user_pref("CT2720081.LanguagePackLastCheckTime", "Sat Feb 05 2011 21:23:47 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.LanguagePackReloadIntervalMM", 1440); Zeile gelöscht : user_pref("CT2720081.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); Zeile gelöscht : user_pref("CT2720081.LastLogin_2.7.2.0", "Sat Feb 05 2011 21:23:47 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.LatestVersion", "3.2.5.2"); Zeile gelöscht : user_pref("CT2720081.Locale", "en"); Zeile gelöscht : user_pref("CT2720081.LoginCache", 4); Zeile gelöscht : user_pref("CT2720081.MCDetectTooltipHeight", "83"); Zeile gelöscht : user_pref("CT2720081.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Zeile gelöscht : user_pref("CT2720081.MCDetectTooltipWidth", "295"); Zeile gelöscht : user_pref("CT2720081.RadioIsPodcast", false); Zeile gelöscht : 
user_pref("CT2720081.RadioLastCheckTime", "Sat Feb 05 2011 21:23:49 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.RadioLastUpdateIPServer", "3"); Zeile gelöscht : user_pref("CT2720081.RadioLastUpdateServer", "129248947734170000"); Zeile gelöscht : user_pref("CT2720081.RadioMediaID", "21079850"); Zeile gelöscht : user_pref("CT2720081.RadioMediaType", "Media Player"); Zeile gelöscht : user_pref("CT2720081.RadioMenuSelectedID", "EBRadioMenu_CT272008121079850"); Zeile gelöscht : user_pref("CT2720081.RadioStationName", "AHL%20-%20Grand%20Rapids%20Griffins"); Zeile gelöscht : user_pref("CT2720081.RadioStationURL", "hxxp://cdncon.wm.llnwd.net/cdncon_neulion1_ahl_griffins?eid=2037&pid=2037&gid=101]]"); Zeile gelöscht : user_pref("CT2720081.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2720081&octid=EB_ORIGINAL_CTID&SearchSource=1"); Zeile gelöscht : user_pref("CT2720081.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("CT2720081.SearchInNewTabEnabled", true); Zeile gelöscht : user_pref("CT2720081.SearchInNewTabIntervalMM", 1440); Zeile gelöscht : user_pref("CT2720081.SearchInNewTabLastCheckTime", "Sat Feb 05 2011 21:23:50 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); Zeile gelöscht : user_pref("CT2720081.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); Zeile gelöscht : user_pref("CT2720081.SettingsCheckIntervalMin", 120); Zeile gelöscht : user_pref("CT2720081.SettingsLastCheckTime", "Sat Feb 05 2011 21:23:43 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.SettingsLastUpdate", "1295945133"); Zeile gelöscht : user_pref("CT2720081.ThirdPartyComponentsInterval", 504); Zeile gelöscht : user_pref("CT2720081.ThirdPartyComponentsLastCheck", "Sat Feb 05 2011 21:23:43 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.ThirdPartyComponentsLastUpdate", 
"1246790578"); Zeile gelöscht : user_pref("CT2720081.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112"); Zeile gelöscht : user_pref("CT2720081.Uninstall", true); Zeile gelöscht : user_pref("CT2720081.UserID", "UN68032654658748509"); Zeile gelöscht : user_pref("CT2720081.WeatherNetwork", ""); Zeile gelöscht : user_pref("CT2720081.WeatherPollDate", "Sat Feb 05 2011 21:23:47 GMT+0100"); Zeile gelöscht : user_pref("CT2720081.WeatherUnit", "C"); Zeile gelöscht : user_pref("CT2720081.alertChannelId", "1112366"); Zeile gelöscht : user_pref("CT2720081.clientLogIsEnabled", false); Zeile gelöscht : user_pref("CT2720081.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Zeile gelöscht : user_pref("CT2720081.myStuffEnabled", true); Zeile gelöscht : user_pref("CT2720081.myStuffPublihserMinWidth", 400); Zeile gelöscht : user_pref("CT2720081.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); Zeile gelöscht : user_pref("CT2720081.myStuffServiceIntervalMM", 1440); Zeile gelöscht : user_pref("CT2720081.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); Zeile gelöscht : user_pref("CT2720081.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2720081"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2720081"); Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 05 2011 21:23:45 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Zeile gelöscht : 
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 05 2011 21:23:43 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234"); Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "{cb2833fc-cfe9-47f7-8433-a64771c50d36}"); Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 05 2011 21:23:49 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Sat Feb 05 2011 21:23:50 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.twitter.user_2557521.LastCheckTime", "Sat Feb 05 2011 21:23:50 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Sat Feb 05 2011 21:23:50 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Sat Feb 05 2011 21:23:50 GMT+0100"); Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false); Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false); Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"history-p[...] Zeile gelöscht : user_pref("extensions.5131a212c4561.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...] 
Zeile gelöscht : user_pref("extensions.delta.admin", false); Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en"); Zeile gelöscht : user_pref("extensions.delta.excTlbr", false); Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.delta.id", "1e6b7ca500000000000000ff394dda61"); Zeile gelöscht : user_pref("extensions.delta.instlDay", "15843"); Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.delta.newTab", false); Zeile gelöscht : user_pref("extensions.delta.prdct", "delta"); Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Zeile gelöscht : user_pref("extensions.delta.rvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.0"); Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.016:08:46"); Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.0"); Zeile gelöscht : user_pref("extensions.delta_i.babExt", ""); Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119779&tt=gc_"); Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); Zeile gelöscht : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3,{a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10,de-AT@dictionaries.addons.mozilla.org:2.0.3,fastdial@telega.phpnet.us:4[...] 
Zeile gelöscht : user_pref("extensions.snipit.askTbInstalled", true); Zeile gelöscht : user_pref("extensions.tweaktube.addit.remoteInstallItems", "{ \"software\": {\"11\": {\"id\": \"11\",\"title\": \"KwiClick\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozilla.org/en-US/firefox/downl[...] Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.AutoSearchEventData", "auto%20search"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.ClearCacheDate", 13); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.DnsCatchEventData", "dns%20catch"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.EnableDCA", true); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.FirstLaunchShown", true); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.LoadLayoutDate.61495", 13); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.NewTabSearchEventData", "tab%20search"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.ShowRecommendedOptions", true); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.StateReportDate", "1292229435713"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.TopRightSearchEventData", "top%20right%20search"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.customNewTab", false); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.data", "970E0D327E91ACB7AE5FC2C7B268ABD9A70C71F6925C4BFAB44253B0B46B6E5B065BAA90F3DFBC54D080FC581C6609E921949A43F5528E3E6599BE6663F6A572"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.dca.CaptureType", 3); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.dca.lastPrivacyRulesTime", 1292229431); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.dca.lastPrivacyRulesUrl", "hxxp://dcs.consumerinput.com/cgi-bin/RulesReturn.py"); Zeile gelöscht : 
user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.dca.lastWhitelistTime", 1292229431); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.dca.lastWhitelistUrl", "hxxp://dcs.consumerinput.com/cgi-bin/WhiteList.py"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.dca.panelID", "freecausefox"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.dca.userID", "FCZ3CP527142691"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.dca.version", "6211"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.dca.whitelistInterval", 1440); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.helpUsImprove", true); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.hideOthers", false); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.installDate", "01092010"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.lastPingTime", 1292229435); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.processAddrBar", false); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.restoreSearch", false); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.revision", "35"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.searchHistory", true); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.session", "2159738E1BD022CA45C8015C31A8C99A65DDF0FFFC1FF1015CA12ABE45660E1D2297F3C2CF81469C7F3B7850ADF2D2A814E7C980CB1514922ECCF03E954F9491C5322A02[...] 
Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.showFirstLaunchOptions", false); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.stday", "13"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.sthour", "9"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.tb_lang", "en"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.tbver", "1.300.306"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.tool_id", "61495"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.user_id", "27142691"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.user_key", "73e33f1d78ada1a5a9e478498b334016c92625fe"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.user_layouts", "61495"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.user_lnames", "Webs%20Credits"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.voicebox.surveys", ""); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.voicebox.version", "1013"); Zeile gelöscht : user_pref("freecausecc6a5222162d49b3b2ca28eade05a059.yahooSearch", false); Zeile gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n"); Zeile gelöscht : user_pref("surfcanyon.last_checked_ts", "1267029801458"); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Zeile gelöscht : 
user_pref("sweetim.toolbar.searchguard.enable", ""); Zeile gelöscht : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;aim_go_away_default_btn;wa_aol_bg_5r;"); Zeile gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false); Zeile gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.12.1"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "13"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "11"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2010"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "5"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "5"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "6"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "1"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "28"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2010"); Zeile gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false); Zeile gelöscht : user_pref("winamp_toolbar.search.searchtype", "web"); Zeile gelöscht : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar"); Zeile gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false); Zeile gelöscht : user_pref("winamp_toolbar.winamp.appversion", "1"); Zeile gelöscht : user_pref("winamp_toolbar.winamp.artist", ""); Zeile gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999"); Zeile gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "-999999"); Zeile gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-999999"); Zeile gelöscht : user_pref("winamp_toolbar.winamp.volume", "249"); -\\ Google Chrome v36.0.1985.143 [ Datei : C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : 
hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA018DD8B-8EBE-4517-AE36-25FB36A45FB2&SearchSource=58&CUI=&UM=6&UP=SP95041FD1-767A-419B-B930-6D2E3BA3155D&q={searchTerms}&SSPV=

[ Datei : C:\Users\Tester\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [27767 octets] - [19/08/2014 21:36:18]
AdwCleaner[S0].txt - [27691 octets] - [19/08/2014 21:43:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27752 octets] ##########
---------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by Juergen on 19.08.2014 at 21:56:40,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2734857389-447802245-3377701426-1000\Software\sweetim

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\Juergen\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Juergen\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"

~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Juergen\AppData\Roaming\mozilla\firefox\profiles\pdi30a20.default\prefs.js
user_pref("services.sync.client.GUID", "hv9D5qjN8Y4N");
user_pref("tweaktube.pref.cacheInfo", "({'hxxp://wedata.net/databases/AutoPagerize/items.json':{url:\"hxxp://wedata.net/databases/AutoPagerize/items.json\", expirenew Date(1
Emptied folder: C:\Users\Juergen\AppData\Roaming\mozilla\firefox\profiles\pdi30a20.default\minidumps [63 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.08.2014 at 22:02:31,95
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by Juergen (administrator) on JUERGEN-PC on 19-08-2014 22:03:09
Running from C:\Users\Juergen\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(brother Industries Ltd) C:\Windows\System32\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe
() C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe
AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found
IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Google custom HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Search - Google custom HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search - Google custom HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program 
Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-19] FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24] FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18] FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23] FF Extension: Print / Print Preview (Update) - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28] FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23] FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23] FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17] FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14] FF Extension: Empty Cache Button - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10] FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13] FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14] FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16] FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05] FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05] FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31] FF Extension: Tab Mix Plus - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20] FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17] FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Hide My Ass! 
Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30] CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28] CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06] CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03] CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06] CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26] CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03] CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed] R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed] S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed] S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed] R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.) S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH) R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin) S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed] S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.) S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] () R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH) S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(???? | ????? ???? 
?????.)) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.) S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.) S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.) U3 ay6bxyp2; C:\Windows\system32\Drivers\ay6bxyp2.sys [0 ] (Microsoft Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.) S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-19 22:02 - 2014-08-19 22:02 - 00001657 _____ () C:\Users\Juergen\Desktop\JRT.txt 2014-08-19 21:50 - 2014-08-19 21:50 - 00027833 _____ () C:\Users\Juergen\Desktop\AdwCleaner[S0].txt 2014-08-19 21:49 - 2014-08-19 21:49 - 00000000 ____D () C:\Windows\ERUNT 2014-08-19 21:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-08-19 21:36 - 2014-08-19 21:44 - 00000000 ____D () C:\AdwCleaner 2014-08-19 21:34 - 2014-08-19 21:34 - 01016261 _____ (Thisisu) C:\Users\Juergen\Desktop\JRT.exe 2014-08-19 21:32 - 2014-08-19 21:32 - 01361671 _____ () C:\Users\Juergen\Desktop\adwcleaner_3.307.exe 2014-08-18 10:37 - 2014-08-18 10:38 - 00061946 _____ () C:\Users\Juergen\Desktop\Addition.txt 2014-08-18 10:36 - 2014-08-19 22:03 - 00031364 _____ () C:\Users\Juergen\Desktop\FRST.txt 2014-08-18 10:36 - 2014-08-18 10:36 - 00037736 _____ () C:\Users\Juergen\Desktop\FRST - Kopie.txt 2014-08-18 10:35 - 2014-08-18 10:35 - 01093632 _____ (Farbar) C:\Users\Juergen\Desktop\FRST.exe 2014-08-17 14:30 - 2014-08-17 14:30 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Tools&More 2014-08-16 07:58 - 2014-08-19 22:03 - 00000000 ____D () C:\FRST 2014-08-14 14:16 - 2014-08-19 21:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 
14.txt 2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-06 13:48 - 2014-08-06 14:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll 2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 22:03 - 2014-08-18 10:36 - 00031364 _____ () C:\Users\Juergen\Desktop\FRST.txt 2014-08-19 22:03 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-19 22:02 - 2014-08-19 22:02 - 00001657 _____ () C:\Users\Juergen\Desktop\JRT.txt 2014-08-19 22:02 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-19 22:02 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-19 21:59 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job 2014-08-19 21:58 - 2010-12-13 09:54 - 01059653 _____ () C:\Windows\WindowsUpdate.log 2014-08-19 21:57 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox 2014-08-19 21:57 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype 2014-08-19 21:56 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes 
Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-19 21:56 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox 2014-08-19 21:55 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-19 21:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-19 21:52 - 2009-07-14 06:39 - 00193876 _____ () C:\Windows\setupact.log 2014-08-19 21:50 - 2014-08-19 21:50 - 00027833 _____ () C:\Users\Juergen\Desktop\AdwCleaner[S0].txt 2014-08-19 21:49 - 2014-08-19 21:49 - 00000000 ____D () C:\Windows\ERUNT 2014-08-19 21:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job 2014-08-19 21:46 - 2010-07-07 20:31 - 01106672 _____ () C:\Windows\PFRO.log 2014-08-19 21:44 - 2014-08-19 21:36 - 00000000 ____D () C:\AdwCleaner 2014-08-19 21:34 - 2014-08-19 21:34 - 01016261 _____ (Thisisu) C:\Users\Juergen\Desktop\JRT.exe 2014-08-19 21:34 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser 2014-08-19 21:33 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps 2014-08-19 21:32 - 2014-08-19 21:32 - 01361671 _____ () C:\Users\Juergen\Desktop\adwcleaner_3.307.exe 2014-08-19 21:09 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-19 21:05 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-19 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job 2014-08-18 22:33 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-18 10:38 - 2014-08-18 10:37 - 00061946 _____ () C:\Users\Juergen\Desktop\Addition.txt 2014-08-18 10:36 - 2014-08-18 10:36 - 00037736 _____ () C:\Users\Juergen\Desktop\FRST - Kopie.txt 2014-08-18 10:35 - 2014-08-18 10:35 - 01093632 _____ (Farbar) C:\Users\Juergen\Desktop\FRST.exe 2014-08-17 
14:30 - 2014-08-17 14:30 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Tools&More 2014-08-17 14:30 - 2011-06-29 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5CentSMS 2014-08-17 14:30 - 2011-06-29 22:02 - 00000000 ____D () C:\Program Files\5CentSMS 2014-08-17 14:28 - 2011-05-21 11:24 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata 2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-14 13:31 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla 2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log 2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 
_____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 14:02 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 14:02 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-06 14:02 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ 
() C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeg__af.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe C:\Users\Juergen\AppData\Local\Temp\Quarantine.exe C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe C:\Users\Tester\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-17 00:50 ==================== End Of Log ============================ |
20.08.2014, 10:57 | #9 |
/// the machine /// TB trainer | PUP.Optional.Delta.A Windows 7
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.08.2014, 09:24 | #10 |
| PUP.Optional.Delta.A Windows 7 ESET has now been running for a rather brisk 18 hours...
--------------- ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ed2f2fd6da4f8a4dad8424d98119d817 # engine=19745 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-08-21 06:05:04 # local_time=2014-08-21 08:05:04 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 0 28647890 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 14239637 160232295 0 0 # scanned=1040120 # found=53 # cleaned=0 # scan_time=65737 sh=8DAA0F6A8270D834CC46CF80FD3A4D62CD4EB6DD ft=0 fh=0000000000000000 vn="Win32/Trustezeb.E Trojaner" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-2734857389-447802245-3377701426-1000\$RR1QTJ0.zip" sh=0B756802CDD8FCA064D7546EC920F16F3187448B ft=1 fh=75a4f95b51866dba vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-2734857389-447802245-3377701426-1000\$RV606QQ.exe" sh=34C4268C480CABF0CC5574B82843AFEF94B46FFC ft=0 fh=0000000000000000 vn="Win32/Trustezeb.E Trojaner" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-2734857389-447802245-3377701426-1000\$RK8K8AK.2013\Juergen Rahm Beweise Ihrer Abmahnung der Urheberrechtsverletzung vom 10.12.2013.zip" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=A47739F27C4BC8FD3A48B4A90B40679DF1218E1B ft=1 fh=ab4f3351c96b3042 vn="Win32/Toolbar.Conduit.Y evtl.
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir" sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Juergen\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=A796F23CA2B63589E20EFE3CF6E151DC01B2E2DB ft=1 fh=cac44e7c74a8c208 vn="Variante von Win32/HackTool.CheatEngine.AA potenziell unsichere Anwendung" ac=I fn="C:\Andere rechner\AltzerLaptop\Grosser\Desktop\Facebook Marjketing\CheatEngine55.exe" sh=9C99718BFF3930BF4F1A058AFF6B8EAFD070727D ft=1 fh=07c8e023c3c3d787 vn="Variante von Win32/Keygen.AQ potenziell unsichere Anwendung" ac=I fn="C:\Andere rechner\AltzerLaptop\Uebertrag\Documents\Downloads\Sony Sound Forge 8 Include Keygen\keygen.exe" sh=68D52F4FDAD1B0A5B057629864705A45DD919E68 ft=1 fh=398a74cd6b175cee vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung" ac=I fn="C:\Andere rechner\AltzerLaptop\Uebertrag\Downloads\Free3GPVideoConverter.exe" sh=2CA976930D037ECF2D94234E12BCCCF5B71183E5 ft=1 fh=36217334dadaee82 vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung" ac=I fn="C:\Andere rechner\AltzerLaptop\Uebertrag\Downloads\FreeStudio.exe" sh=B4F1EEA4C4BA174F0F9F3B6698648A29CA92C846 ft=1 fh=e7bf12bba3ec373e vn="Variante von Win32/Toolbar.MyWebSearch.O evtl. 
unerwünschte Anwendung" ac=I fn="C:\Andere rechner\AltzerLaptop\Uebertrag\Downloads\MyWebFaceSetup2.3.50.49.GRfox000.exe" sh=4E048A2C4BA6E8A87475E44956367E149A93E599 ft=1 fh=f89cb68b2a069d04 vn="Win32/Keygen.HQ potenziell unsichere Anwendung" ac=I fn="C:\Andere rechner\TouchScrenn PC\alter PC\Festplatte -D-\Downloads\Power DVD 5.0\CyberLink.PowerDVD.v5.0.WinALL.Repack-CCF+Keygen-CAFE\keygen.exe" sh=2282DE99D3A98815B66FB90FFF275C8EFE015C96 ft=0 fh=0000000000000000 vn="Win32/Keygen.HQ potenziell unsichere Anwendung" ac=I fn="C:\Andere rechner\TouchScrenn PC\alter PC\Festplatte -D-\Downloads\Zips\Power DVD 5.0.rar" sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe" sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll" sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnStub.exe" sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe" sh=89E1C569CDD097A53A2339DE0B2CA6F7D36AE0FE ft=1 fh=7cc90b36aa03454c vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4ONOIQF\focusbaseSetup[1].exe" sh=F3A08B0C349E56E78028DAE8A60BDB269D78A8F0 ft=1 fh=fe35ddd49337313a vn="Variante von Win32/ClientConnect.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4ONOIQF\spstub[1].exe" sh=030AD18F823D1EB34F468CC4126A17555055F71C ft=1 fh=20230c57ed3eb8bf vn="Win32/OutBrowse.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJ9IX98R\SearchProtectGeneric2[1].exe" sh=79E9E7DBBA4BD19660A0B6AAEA9D06F05A9D4AB4 ft=1 fh=c28bb60ed3001372 vn="Win32/Reporter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\AppData\Local\Temp\91408017913\1_Offer_6.exe" sh=A43DC5FACC5FC81DE61B4AB26925C25A23D28A30 ft=1 fh=527846177b5f080e vn="Win32/Reporter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\AppData\Local\Temp\91408017913\1_Offer_6_2nd.exe" sh=79C5F7C34B4064BE7B0E636F73372B4A8FA5D9F9 ft=1 fh=662b92d100d82a5e vn="Variante von Win32/Injector.BIZV Trojaner" ac=I fn="C:\Users\Juergen\AppData\Local\Temp\91408017913\1_Offer_9.exe" sh=4F1ECD30CE4249D8980985068682CFB8C62596D4 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2011-3544.CP Trojaner" ac=I fn="C:\Users\Juergen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\38be9859-73999e12" sh=245C5D6AA77DC06BDE45EF37AD6A1C1797831D53 ft=1 fh=14bf317c03f7dc7f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\Desktop\Sammelsurium\SoftonicToolbar.exe" sh=7B6319A3FE04CD782382DF2048AF4D10EB5A2DBE ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\Desktop\Speicherkarten\16 GB Galaxy W\TitaniumBackup\com.quipack.a.b4fb620b2fcc9290001006b3a-22e4d99bc0011459901ea4cbad4f4884.apk.gz" sh=5EC4F614B00C312B6A87CBA492ECDE3280AECD61 ft=0 fh=0000000000000000 vn="Variante von Android/Inmobi.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Juergen\Desktop\Speicherkarten\16 GB Galaxy W\TitaniumBackup\com.softick.android.solitaire.klondike-7be8f59b93d8fbc515a1608e73d906cb.apk.gz" sh=013200CA656B1FB90765E97E2E4CA82E52BD7E26 ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\Desktop\Speicherkarten\BACKUP SD CARD\Grosse_SD\TitaniumBackup\com.rocketmind.fishing-5a3d43868017117b2630cb861a1ed0b7.apk.gz" sh=3AD53D53A0AA8D7A2A21F6E1DE8D0B5339439CA5 ft=1 fh=b34ccda5ec66e54c vn="Variante von Win32/Adware.Trymedia evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\djbc\html\download\Bej2Setup_TryGames-dm.exe" sh=E9223BAA249188D3BA645E0E432B1903A6A394A8 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\djbc\html\farmville-tips\wp-content\themes\Benz\footer.php" sh=E533375115F263F152CAB9EAD1D65FAC0811FCC1 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\djbc\html\farmville-tips\wp-content\themes\GabLog\footer.php" sh=4FB2D98A8AEDE347484686E739AC99DB0E75790B ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\djbc\html\farmville-tips\wp-content\themes\pinksimplescheme\footer.php" sh=3AD53D53A0AA8D7A2A21F6E1DE8D0B5339439CA5 ft=1 fh=b34ccda5ec66e54c vn="Variante von Win32/Adware.Trymedia evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\djbc Vs\html\download\Bej2Setup_TryGames-dm.exe" sh=E9223BAA249188D3BA645E0E432B1903A6A394A8 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\djbc Vs\html\farmville-tips\wp-content\themes\Benz\footer.php" sh=E533375115F263F152CAB9EAD1D65FAC0811FCC1 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\djbc Vs\html\farmville-tips\wp-content\themes\GabLog\footer.php" sh=4FB2D98A8AEDE347484686E739AC99DB0E75790B ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\djbc Vs\html\farmville-tips\wp-content\themes\pinksimplescheme\footer.php" sh=3AD53D53A0AA8D7A2A21F6E1DE8D0B5339439CA5 ft=1 fh=b34ccda5ec66e54c vn="Variante von Win32/Adware.Trymedia evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\webspace_verkauf_DJBC\html\download\Bej2Setup_TryGames-dm.exe" sh=E9223BAA249188D3BA645E0E432B1903A6A394A8 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\webspace_verkauf_DJBC\html\farmville-tips\wp-content\themes\Benz\footer.php" sh=E533375115F263F152CAB9EAD1D65FAC0811FCC1 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\webspace_verkauf_DJBC\html\farmville-tips\wp-content\themes\GabLog\footer.php" sh=4FB2D98A8AEDE347484686E739AC99DB0E75790B ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\Juergen\Documents\A_UpDowns\webspace_verkauf_DJBC\html\farmville-tips\wp-content\themes\pinksimplescheme\footer.php" sh=40FF44087EA269D37323C1A5EEF4E419F3F35F43 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\Documents\Gekauft\wp-mailinglist.zip" sh=6191338E132F1A7D703576B89C8A46FC8FBA024E ft=0 fh=0000000000000000 vn="J2ME/TrojanSMS.Agent.EG Trojaner" ac=I fn="C:\Users\Juergen\Documents\Gekauft\sortieren\apps.zip" sh=924A60C5C86F30D7512E39873DEB413F9A9AC26C ft=0 fh=0000000000000000 vn="JS/Redirector.NAU Trojaner" ac=I fn="C:\Users\Juergen\Documents\Gekauft\sortieren\facebook (2).zip" sh=404C8994DF3ADB204194532BABA047CB15944F4A ft=0 fh=0000000000000000 vn="J2ME/TrojanSMS.Agent.EG Trojaner" ac=I fn="C:\Users\Juergen\Documents\Gekauft\sortieren\apps\apps\communication software\Opera\opera-mini-4.1.11355-advanced-us.jar" sh=EBEA2BE4F76DA503C000FD6E7DB78ABC16D9A0A2 ft=0 fh=0000000000000000 vn="J2ME/TrojanSMS.Agent.EG Trojaner" ac=I fn="C:\Users\Juergen\Documents\Gekauft\sortieren\apps\apps\communication software\Opera\opera-mini-4.2.13337-advanced-en-us.jar" sh=4F72B5C00526575A5DB65D595CDED37F30534A43 ft=0 fh=0000000000000000 vn="J2ME/TrojanSMS.Agent.EG Trojaner" ac=I fn="C:\Users\Juergen\Documents\Gekauft\sortieren\apps\apps\communication software\Opera\opera-mini-4.2.13337-advanced-en.jar" sh=3FE0C577CE99785978A117449D3F282D17BC095F ft=0 fh=0000000000000000 vn="JS/Redirector.NAU Trojaner" ac=I fn="C:\Users\Juergen\Documents\Gekauft\sortieren\facebook\pichlmueller\bonus\PPP_kostenlos\PPP\beispiel_download.php" sh=3FE0C577CE99785978A117449D3F282D17BC095F ft=0 fh=0000000000000000 vn="JS/Redirector.NAU Trojaner" ac=I fn="C:\Users\Juergen\Documents\Gekauft\sortieren\facebook\pichlmueller\bonus\PPP_kostenlos\PPP\beispiel_download.txt" sh=53771044DB68FAE5C3424D2B1109F90D4A20CEC0 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Juergen\Downloads\phponline_2.1.3.zip"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QPW2C34P\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX2O1L7W\ApnIC[1].0"
sh=2153D234D166D72F04F9870D9541869CCADAB151 ft=1 fh=67447e761e537db3 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\TOOLS\MediaPack\medion_mediapack_ext.exe"

Security Check
-------------------
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities 2014
JavaFX 2.1.1
Java 7 Update 67
Adobe Flash Player 14.0.0.145
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (30.0)
Mozilla Thunderbird (17.0.7)
Google Chrome 36.0.1985.125
Google Chrome 36.0.1985.143
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by Juergen (administrator) on JUERGEN-PC on 21-08-2014 10:22:04
Running from C:\Users\Juergen\Desktop\FRST
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(brother Industries Ltd) C:\Windows\System32\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe
(Protexis Inc.)
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) 
C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\sbframe.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (FlashPeak Inc.) C:\Program Files\SlimBrowser\SBRender.exe (Google) C:\Users\Juergen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe () C:\Users\Juergen\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-09] (Adobe Systems Incorporated) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-09] (Adobe Systems Incorporated) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-09] (Adobe Systems Incorporated) HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Google custom HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Search - Google custom HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search - Google custom HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-19] FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24] FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18] FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23] FF Extension: Print / Print Preview (Update) - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28] FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23] FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23] FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17] FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14] FF Extension: Empty Cache Button - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10] FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13] FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14] FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16] FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05] FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05] FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31] FF Extension: Tab Mix Plus - 
C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20] FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17] FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Hide My Ass! 
Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30] CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28] CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06] CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03] CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06] CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26] CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03] CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed] R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed] S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed] S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed] R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.) S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH) R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin) S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed] S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.) S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] () R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH) S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(???? | ????? ???? 
?????.)) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) U0 wddf; C:\Windows\System32\drivers\ljatnq.sys [52440 2014-08-21] (Malwarebytes Corporation) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.) S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.) S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.) U3 ang5il6d; C:\Windows\system32\Drivers\ang5il6d.sys [0 ] (Microsoft Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.) S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-21 09:53 - 2014-08-21 09:53 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ljatnq.sys 2014-08-20 13:45 - 2014-08-20 13:45 - 00000000 ____D () C:\Program Files\ESET 2014-08-20 13:44 - 2014-08-20 13:44 - 00854417 _____ () C:\Users\Juergen\Desktop\SecurityCheck.exe 2014-08-20 13:43 - 2014-08-20 13:44 - 02347384 _____ (ESET) C:\Users\Juergen\Desktop\esetsmartinstaller_deu.exe 2014-08-19 22:18 - 2014-08-21 10:22 - 00000000 ____D () C:\Users\Juergen\Desktop\FRST 2014-08-19 21:49 - 2014-08-19 21:49 - 00000000 ____D () C:\Windows\ERUNT 2014-08-19 21:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-08-19 21:36 - 2014-08-19 21:44 - 00000000 ____D () C:\AdwCleaner 2014-08-17 14:30 - 2014-08-17 14:30 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Tools&More 2014-08-16 07:58 - 2014-08-21 10:22 - 00000000 ____D () C:\FRST 2014-08-14 14:16 - 2014-08-21 09:17 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-06 13:48 - 2014-08-19 22:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) 
C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll 2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-21 10:22 - 2014-08-19 22:18 - 00000000 ____D () C:\Users\Juergen\Desktop\FRST 2014-08-21 10:22 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-21 10:15 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype 2014-08-21 10:09 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-21 10:05 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-21 09:59 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser 2014-08-21 09:59 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job 2014-08-21 09:53 - 2014-08-21 09:53 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ljatnq.sys 2014-08-21 09:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-21 09:49 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job 2014-08-21 09:17 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-21 07:15 - 2009-07-14 06:34 - 00010096 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-21 07:15 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-21 07:10 - 2010-12-13 09:54 - 01070150 _____ () C:\Windows\WindowsUpdate.log 2014-08-21 01:09 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-20 13:45 - 2014-08-20 13:45 - 00000000 ____D () C:\Program Files\ESET 2014-08-20 13:44 - 2014-08-20 13:44 - 00854417 _____ () C:\Users\Juergen\Desktop\SecurityCheck.exe 2014-08-20 13:44 - 2014-08-20 13:43 - 02347384 _____ (ESET) C:\Users\Juergen\Desktop\esetsmartinstaller_deu.exe 2014-08-20 13:41 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps 2014-08-20 13:41 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla 2014-08-20 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job 2014-08-19 22:22 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-19 22:21 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-19 22:21 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-19 22:17 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox 2014-08-19 22:16 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox 2014-08-19 22:14 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-19 22:14 - 2009-07-14 06:39 - 00193932 _____ () C:\Windows\setupact.log 2014-08-19 21:49 - 2014-08-19 21:49 - 00000000 ____D () C:\Windows\ERUNT 2014-08-19 21:46 - 2010-07-07 20:31 - 01106672 _____ () C:\Windows\PFRO.log 2014-08-19 21:44 - 2014-08-19 21:36 - 00000000 ____D () C:\AdwCleaner 2014-08-18 22:33 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-17 14:30 - 
2014-08-17 14:30 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Tools&More 2014-08-17 14:30 - 2011-06-29 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5CentSMS 2014-08-17 14:30 - 2011-06-29 22:02 - 00000000 ____D () C:\Program Files\5CentSMS 2014-08-17 14:28 - 2011-05-21 11:24 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata 2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-14 14:16 - 2014-08-14 14:16 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log 2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () 
C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 
2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser 2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 Some content of TEMP: ==================== C:\Users\Juergen\AppData\Local\Temp\avgnt.exe C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx2dfrc.dll C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe 
C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll
C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\Juergen\AppData\Local\Temp\Quarantine.exe
C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tester\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 00:50

==================== End Of Log ============================
--- --- --- |
21.08.2014, 18:19 | #11 |
| PUP.Optional.Delta.A Windows 7 ... but now... :-) ----------------------- FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01 Ran by Juergen (administrator) on JUERGEN-PC on 21-08-2014 19:13:13 Running from C:\Users\Juergen\Desktop\FRST Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (brother Industries Ltd) C:\Windows\System32\brsvc01a.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe () C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) 
C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Google Update] => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-30] (Google Inc.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2382368 2013-08-13] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9244-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e9248-23ea-11e0-8d1d-00262dc2a9ad} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {4a2e935b-23ea-11e0-8d1d-00262dc2a9ad} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863c860-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cc8b-b381-11e1-b9d9-404e57434403} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {6863cec8-b381-11e1-b9d9-404e57434403} - H:\Startme.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b5079641-7d6c-11e0-97ee-404e57434402} - F:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {b81a4a9e-c589-11e0-8c97-404e57434403} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd4f7-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe
HKU\S-1-5-21-2734857389-447802245-3377701426-1000\...\MountPoints2: {ef5bd503-70ad-11e0-842b-404e57434402} - H:\AutoRun.exe
AppInit_DLLs: anydischelp.dll => anydischelp.dll File Not Found
IFEO\filezilla server interface.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\filezilla server.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\photoproduct.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\tipc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Google custom
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Search - Google custom
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search - Google custom
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO: Kwyshell MidpX -> {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -> C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
Toolbar: HKCU - Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Juergen\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Juergen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Juergen\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\abs@avira.com [2014-08-19]
FF Extension: German Dictionary, extended for Austria - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\extension@hidemyass.com [2012-05-24]
FF Extension: Fast Dial - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\fastdial@telega.phpnet.us [2013-09-18]
FF Extension: Seitwert.de Plugin - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\plugin@seitwert.de [2013-02-23]
FF Extension: Print / Print Preview (Update) - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com [2011-08-28]
FF Extension: Restart Firefox - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restart@restart.org [2013-02-23]
FF Extension: StumbleUpon - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\toolbar@stumbleupon.com [2012-10-23]
FF Extension: Print/Print Preview - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012-02-17]
FF Extension: FEBE - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14]
FF Extension: Empty Cache Button - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-10]
FF Extension: Password Exporter - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13]
FF Extension: Auto Reload - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\autoreload@yz.com.xpi [2013-09-14]
FF Extension: Restartless Restart - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-16]
FF Extension: Session Manager - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-08-05]
FF Extension: MeasureIt - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-05]
FF Extension: Adblock Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31]
FF Extension: Tab Mix Plus - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\pdi30a20.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}-trash [2012-02-20]
FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012-03-17]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-02]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2014-07-17]
FF HKLM\...\Thunderbird\Extensions: [te_3.1@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2012-03-17]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2011-07-30]
CHR Extension: (Google Search) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Follow) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2013-04-28]
CHR Extension: (Bubble Shooter -HD) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf [2013-02-06]
CHR Extension: (bitly | ♥ your bitmarks) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-02-03]
CHR Extension: (Any.DO) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-02-06]
CHR Extension: (Session Manager) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2012-06-26]
CHR Extension: (Buffer) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-02-03]
CHR Extension: (Gmail) - C:\Users\Juergen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-19]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed]
S4 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S4 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\system32\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-10-24] (Microsoft Corporation) [File not signed]
S4 TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [318144 2010-09-28] (Utipu inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [362496 2012-06-28] (SafeNet Inc.)
S1 archlp; C:\Windows\System32\drivers\archlp.sys [11392 2008-01-29] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH)
R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [26208 2011-02-22] (NT Kernel Resources)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] ()
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2013-09-23] (Sonic Solutions) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2011-02-24] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-23] (Avira GmbH)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(???? | ????? ???? ?????.))
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-14] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-14] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [29208 2007-09-14] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-14] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-14] (Logitech Inc.)
U3 anxcpuaw; C:\Windows\system32\Drivers\anxcpuaw.sys [0 ] (Microsoft Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [180736 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-19 22:18 - 2014-08-21 19:13 - 00000000 ____D () C:\Users\Juergen\Desktop\FRST 2014-08-19 21:49 - 2014-08-19 21:49 - 00000000 ____D () C:\Windows\ERUNT 2014-08-19 21:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-08-19 21:36 - 2014-08-19 21:44 - 00000000 ____D () C:\AdwCleaner 2014-08-17 14:30 - 2014-08-17 14:30 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Tools&More 2014-08-16 07:58 - 2014-08-21 19:13 - 00000000 ____D () C:\FRST 2014-08-14 14:16 - 2014-08-21 19:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:58 - 2014-08-07 23:59 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-06 13:48 - 2014-08-19 22:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:40 - 2014-08-04 22:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:40 - 2014-08-04 22:39 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle 
Corporation) C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:16 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:09 - 2014-08-04 07:10 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:19 - 2014-07-31 09:21 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser 2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar 2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-22 23:49 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll 2014-07-22 23:49 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) 
C:\Windows\system32\authuitu.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-21 19:13 - 2014-08-19 22:18 - 00000000 ____D () C:\Users\Juergen\Desktop\FRST 2014-08-21 19:13 - 2014-08-16 07:58 - 00000000 ____D () C:\FRST 2014-08-21 19:09 - 2010-12-13 10:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-21 19:05 - 2014-08-14 14:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-21 19:05 - 2012-08-19 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-21 19:05 - 2010-12-13 11:34 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Skype 2014-08-21 19:04 - 2014-02-26 10:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job 2014-08-21 19:04 - 2012-06-02 21:16 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job 2014-08-21 19:04 - 2010-12-13 09:54 - 01074454 _____ () C:\Windows\WindowsUpdate.log 2014-08-21 12:43 - 2014-03-26 01:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\SlimBrowser 2014-08-21 12:42 - 2012-04-15 16:51 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-21 12:42 - 2011-05-17 19:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-21 11:59 - 2012-06-02 21:16 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job 2014-08-21 11:38 - 2011-05-05 18:25 - 00000000 ___RD () C:\Users\Juergen\Dropbox 2014-08-21 11:37 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox 2014-08-21 11:37 - 2010-12-13 10:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-21 10:49 - 2009-07-14 06:34 - 00010096 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-21 10:49 - 2009-07-14 06:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-21 10:42 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-21 10:42 - 2009-07-14 06:39 - 00193988 _____ () C:\Windows\setupact.log 2014-08-21 10:41 - 2010-07-07 20:31 - 01107744 _____ () C:\Windows\PFRO.log 2014-08-21 10:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-20 13:41 - 2013-03-08 19:49 - 00000000 ____D () C:\Users\Juergen\AppData\Local\CrashDumps 2014-08-20 13:41 - 2010-12-13 11:27 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\FileZilla 2014-08-19 22:22 - 2014-08-06 13:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-19 22:21 - 2013-09-23 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-19 22:21 - 2013-09-23 18:22 - 00000000 ____D () C:\Program Files\Avira 2014-08-19 21:49 - 2014-08-19 21:49 - 00000000 ____D () C:\Windows\ERUNT 2014-08-19 21:44 - 2014-08-19 21:36 - 00000000 ____D () C:\AdwCleaner 2014-08-18 22:33 - 2007-03-27 15:40 - 00000000 ____D () C:\unzipped 2014-08-17 14:30 - 2014-08-17 14:30 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Tools&More 2014-08-17 14:30 - 2011-06-29 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5CentSMS 2014-08-17 14:30 - 2011-06-29 22:02 - 00000000 ____D () C:\Program Files\5CentSMS 2014-08-17 14:28 - 2011-05-21 11:24 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-08-14 21:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-08-14 17:13 - 2011-10-08 10:06 - 00000000 ____D () C:\Windows\tessdata 2014-08-14 14:42 - 2011-05-05 18:23 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 14:33 - 2010-12-13 11:26 - 00000000 ____D () 
C:\Program Files\FileZilla FTP Client 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2014-08-14 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 14:16 - 2011-10-25 08:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-14 13:30 - 2010-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-10 02:54 - 2013-04-10 10:17 - 00002056 _____ () C:\Windows\system32\TeamViewer8_Hooks.log 2014-08-10 02:54 - 2013-04-10 10:16 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-08-09 23:18 - 2014-08-09 23:18 - 00008689 _____ () C:\Users\Juergen\Documents\tagebuch aug 14.txt 2014-08-07 23:59 - 2014-08-07 23:58 - 00034484 _____ () C:\Users\Juergen\ESt2013_Rahm_Juergen.elfo 2014-08-07 23:39 - 2013-06-01 13:43 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\elsterformular 2014-08-06 13:48 - 2010-12-22 17:37 - 00000000 ____D () C:\ProgramData\Avira 2014-08-04 22:41 - 2013-10-17 23:04 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 22:40 - 2014-08-04 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 22:39 - 2014-08-04 22:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-04 22:39 - 2014-08-04 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-04 22:34 - 2014-08-04 22:34 - 00918952 _____ (Oracle Corporation) 
C:\Users\Juergen\Downloads\jxpiinstall(1).exe 2014-08-04 22:24 - 2014-08-04 22:24 - 00410029 _____ () C:\Users\Juergen\Downloads\de_DE.zip 2014-08-04 21:54 - 2014-07-06 14:44 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-08-04 21:54 - 2010-12-13 20:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-08-04 21:53 - 2010-12-13 20:33 - 00000000 ____D () C:\Program Files\Paint.NET 2014-08-04 20:42 - 2014-08-04 20:42 - 00000000 ____D () C:\Users\Juergen\Downloads\pixabay-images 2014-08-04 08:17 - 2014-08-04 08:16 - 00000000 ____D () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet 2014-08-04 08:16 - 2014-08-04 08:16 - 03152022 _____ () C:\Users\Juergen\Downloads\Wie man Frauen anmacht - überarbeitet.zip 2014-08-04 07:10 - 2014-08-04 07:09 - 00000000 ____D () C:\Users\Juergen\Downloads\Bilder 2014-08-04 06:48 - 2014-08-04 06:48 - 00013190 _____ () C:\Users\Juergen\Downloads\pixabay-images.zip 2014-08-04 05:35 - 2014-08-04 05:35 - 00000000 ____D () C:\Users\Juergen\Downloads\default-slides 2014-08-03 09:30 - 2014-08-03 09:30 - 00000000 ____D () C:\Users\Juergen\Downloads\autoresponder_pro_v4 2014-08-02 02:17 - 2014-08-02 02:17 - 06004615 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-31 09:37 - 2014-07-31 09:37 - 00001191 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-31 09:37 - 2014-07-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-31 09:36 - 2014-07-31 09:36 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-07-31 09:36 - 2013-05-31 20:31 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-31 09:21 - 2014-07-31 09:19 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Juergen\Downloads\ElsterFormular-15.2.20140326p.exe 2014-07-26 21:29 - 2013-09-24 00:26 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-26 21:28 - 2010-07-06 22:23 - 01629104 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-26 15:40 - 2014-07-26 15:40 - 00000000 ____D () C:\Users\Juergen\Desktop\Awasser
2014-07-26 15:40 - 2011-01-04 12:42 - 00064000 _____ () C:\Users\Juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-25 11:12 - 2014-07-25 11:12 - 00202867 _____ () C:\Users\Juergen\Downloads\wordle-sandboxed.jar
2014-07-25 10:46 - 2014-07-25 10:46 - 05981830 _____ (Tim Kosse) C:\Users\Juergen\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-25 10:42 - 2014-03-26 01:37 - 00000000 ____D () C:\Program Files\SlimBrowser
2014-07-22 23:49 - 2013-11-01 11:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014

Some content of TEMP:
====================
C:\Users\Juergen\AppData\Local\Temp\avgnt.exe
C:\Users\Juergen\AppData\Local\Temp\DivXSetup.exe
C:\Users\Juergen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvpwnao.dll
C:\Users\Juergen\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Juergen\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Juergen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Juergen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Juergen\AppData\Local\Temp\NSISUtils.dll
C:\Users\Juergen\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\Juergen\AppData\Local\Temp\Quarantine.exe
C:\Users\Juergen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tester\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 00:50

==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2014 01
Ran by Juergen at 2014-08-21 19:15:13
Running from C:\Users\Juergen\Desktop\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4Videosoft iPhone Transfer Platinum 7.0.08 (HKLM\...\{E16D939E-1E8B-44ca-A57A-9A8768BFAA0E}_is1) (Version: 7.0.08 - 4Videosoft Studio)
5600 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5CentSMS (HKLM\...\{5BD01142-5F93-4B00-AFC0-C00EC58C2294}) (Version: 3.02.0000 - Wirth IT-Design)
5CentSMS (HKLM\...\{90141793-E338-4EEB-B7E8-8CDED19D908D}) (Version: 2.01.0200 - Wolfgang Wirth IT-Design)
Adobe After Effects 7.0 (HKLM\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.)
Adobe After Effects 7.0 (Version: 7.0.0.244 - Adobe Systems, Inc.)
Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe Audition 3.0 (Version: 3.0 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (Version: 1.0.1.1 - Adobe Systems) Hidden Adobe Common File Installer (Version: 1.00.002 - Adobe System Incorporated) Hidden Adobe ConnectNow Add-in (HKCU\...\Adobe ConnectNow Add-in) (Version: - ) Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe ExtendScript Toolkit 1.0 (Version: 001.000.002 - Adobe Systems) Hidden Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden Adobe Illustrator CS2 (Version: 12.000.000 - Adobe Systems Inc.) Hidden Adobe InDesign CS2 (Version: 004.000.000 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Premiere Pro 2.0 (HKLM\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.) Adobe Premiere Pro 2.0 (Version: 2.000.000 - Adobe Systems, Inc.) Hidden Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden Adobe Stock Photos 1.0 (Version: 1.0.2 - Adobe Systems) Hidden Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) Adobe Version Cue CS2 (Version: 2.0 - Adobe Systems, Inc.) 
Hidden Affiliate Rewarder (HKLM\...\affrewa) (Version: 1.91 - UNKNOWN) Affiliate Rewarder (Version: 1.91 - UNKNOWN) Hidden AIO_CDB_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden Android Skin Pack 1.0-X86 (HKLM\...\Android Skin Pack) (Version: 1.0-X86 - Publisher) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Artisteer 4 (HKLM\...\Artisteer 4) (Version: 4.0 - Extensoft) Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG) Ashampoo Photo Commander (HKLM\...\Ashampoo Photo Commander_is1) (Version: 8.3.2 - ashampoo GmbH & Co. KG) Ashampoo Photo Optimizer (HKLM\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG) Ashampoo Snap (HKLM\...\Ashampoo Snap_is1) (Version: 3.4.1 - ashampoo GmbH & Co. KG) Assistant 5.05.010 (HKLM\...\Assistant) (Version: 5.5.10.0 - Medion) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) Avi2Dvd 0.6.4 (HKLM\...\Avi2Dvd) (Version: 0.6.4 - TrustFm) Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.0.8179 - ) Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) AviSynth 2.5 (HKLM\...\AviSynth) (Version: - ) Billard (HKLM\...\{7A92A322-1A10-4153-B551-D547AA9B4649}) (Version: 1.0 - media Verlagsgesellschaft mbH) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden calibre (HKLM\...\{1752D07B-9BEB-414F-9B51-AA529101F0E5}) (Version: 0.9.12 - Kovid Goyal) CamStudio (HKLM\...\CamStudio) (Version: - ) Camtasia Studio 7 (HKLM\...\{DE042823-C359-4B87-B66B-308057E8B6AF}) (Version: 7.0.1 - TechSmith Corporation) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Classic Shell (HKLM\...\{9032D87D-23E8-4FA1-8422-C11747A4FA23}) (Version: 3.1.0 - IvoSoft) Conference Recording Service (HKLM\...\{B293F0E6-10B7-45FD-BACF-18826515C246}_is1) (Version: - GVO, Inc.) 
Convert AVI to MP4 1.3 (HKLM\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version: - convertavitomp3.com) Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden CoreAAC Audio Decoder (remove only) (HKLM\...\CoreAAC Audio Decoder) (Version: - ) CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation) CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation) CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden Cover Commander 3.1.3 by Insofta Development (HKLM\...\Cover Commander) (Version: 3.1.3 - Insofta Development) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.) CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) 
Hidden CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.) CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021a - CyberLink Corp.) CyberLink MediaShow Espresso (Version: 5.5.1412_24021a - CyberLink Corp.) Hidden CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3101 - CyberLink Corp.) CyberLink PowerDirector (Version: 8.0.3101 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.) CyberLink PowerDVD 9 (Version: 9.0.2925.52 - CyberLink Corp.) Hidden CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.) CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.) CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden Dell-Druckersoftware (HKLM\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.) 
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC) Domain Samurai (HKLM\...\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.2.81 - Alliance Software Pty Ltd) Domain Samurai (Version: 0.2.81 - Alliance Software Pty Ltd) Hidden DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.30 - Runtime Software) Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.) Easy DeskShare V.3.3 (HKLM\...\Easy DeskShare_is1) (Version: - Talk Fusion) Easy eCover Creator (HKLM\...\{6B50BCF4-9C47-422D-91AA-B2A4C9DE4A3D}_is1) (Version: - ) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) EPS PostScript PDF 2 JPG & Co 1 (HKLM\...\EPS PostScript PDF 2 JPG & Co 1) (Version: - ) Ezvid (HKLM\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0.9.2.0 - Ezvid, inc.) Fast Image-Map 2.2.1 (HKLM\...\FastImageMap_is1) (Version: 2.2.1.0 - Martin Hentschel (CL-Soft)) Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden ffdshow [rev 3299] [2010-03-03] (HKLM\...\ffdshow_is1) (Version: 1.0.0.3299 - ) FileZilla Client 3.9.0.3 (HKLM\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse) FileZilla Server (HKLM\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project) Findet Nemo (HKLM\...\InstallShield_{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}) (Version: 1.00.0000 - THQ) Findet Nemo (Version: 1.00.0000 - THQ) Hidden Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) FlashPeak SlimBrowser (HKLM\...\SlimBrowser) (Version: 7.00.103 - FlashPeak Inc.) 
FlatOut2 (HKLM\...\{7E641E46-81DB-4D1D-906A-48342523051C}) (Version: 1.00.0000 - Ihr Firmenname) Free FLV to iPhone Converter (HKLM\...\Free FLV to iPhone Converter_is1) (Version: - ) Free Studio version 5.7.6.1015 (HKLM\...\Free Studio_is1) (Version: 5.7.6.1015 - DVDVideoSoft Ltd.) Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.) Free YouTube to MP3 Converter version 3.9.40.602 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.) FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - ) GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) GIMPshop 2.2.8 (HKLM\...\GIMPshop) (Version: 2.2.8 - The GIMP team (hack by Scott Moschella)) Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden GoToMeeting 6.4.0.1558 (HKCU\...\GoToMeeting) (Version: 6.4.0.1558 - CitrixOnline) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - ) HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - ) HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{8D7507C3-DF2B-4740-8700-8227C2C7AE81}) (Version: 25.0.571.0 - Hewlett-Packard Co.) HP Deskjet 3070 B611 series Hilfe (HKLM\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard) HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{23808E88-87BA-4BF0-8C8F-DC7D9DB40359}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) 
HP ENVY 4500 series Hilfe (HKLM\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard) HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.11352 - HP Photo Creations) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden Inkscape 0.48.2 (HKLM\...\Inkscape) (Version: 0.48.2 - ) InstantArticleWizard (HKLM\...\InstantArticleWizard) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2141 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan) ISDN CAPI Port (HKLM\...\AVM ISDN CAPI Port) (Version: - ) iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.) 
jAlbum (HKLM\...\{4D067FE4-F477-437A-BB66-F013721E9EB4}) (Version: 9.6.1 - Jalbum AB) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden KEmulator 0.9.8 (HKLM\...\KEmulator 0.9.8) (Version: - ) K-Lite Mega Codec Pack 7.1.9 (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.9 - ) Kwyshell MidpX Emulator Package 1.3.1 (HKLM\...\Kwyshell MidpX Emulator Package) (Version: 1.3.1 - G.Corp) Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.) Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.0.3.0 - Lightworks) Logitech Gaming Software 5.01 (HKLM\...\{C5961323-A2E5-4FAB-B92D-DBF6C282F0F5}) (Version: 5.01.256 - Logitech) MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{2E01C311-3ED2-42CF-B1E9-9A36D4B9E26B}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2013 Plus (HKLM\...\MAGIX_{258D56DE-24F2-479E-BED2-8103CB0B9D58}) (Version: 12.0.0.32 - MAGIX AG) MAGIX Video deluxe 2013 Plus (Version: 12.0.0.32 - MAGIX AG) Hidden MailNavigator (HKLM\...\MailNavigator) (Version: 1.14 - GEO Ltd) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Market Samurai (HKLM\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.87.70 - Alliance Software Pty Ltd) Market Samurai (Version: 0.87.70 - Alliance Software Pty Ltd) Hidden Mass Video Blaster (HKLM\...\Mass Video Blaster) (Version: 2.32 - Vlad M.) 
Medion GoPal Assistant 4.03.006 (HKLM\...\Medion GoPal Assistant) (Version: 4.3.6.0 - Medion) Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.) Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Search Enhancement Pack (Version: 3.0.127.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) 
(Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden Mindjet (HKLM\...\{6D1AFA44-6E87-41F5-B7D4-4C457A98A3A3}) (Version: 11.1.353 - Mindjet) MiniTool Partition Wizard Home Edition 7.5 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Miranda IM 0.10.12 (HKLM\...\Miranda IM) (Version: 0.10.12 - Miranda IM Project) Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.030.01.26.75 - Huawei Technologies Co.,Ltd) Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) Mozilla Thunderbird 17.0.7 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.7 (x86 de)) (Version: 17.0.7 - Mozilla) MPC-HC 1.6.5.6366 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.5.6366 - MPC-HC Team) MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser 
(HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger) Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden Newsoft H264 Decoder (HKLM\...\{C26ED93F-A16E-4FC9-B158-A1D5CC604949}) (Version: 1.04.01 - NewSoft) Nokia Configuration Tool (HKLM\...\Nokia Configuration Tool 6.3) (Version: Nokia Configuration Tool - Nokia) Nokia Configuration Tool 6.3 (Version: 6.3.0.0 - Nokia) Hidden Nokia Connectivity Cable Driver (HKLM\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia) Nokia Software Updater 3 (HKLM\...\{F7848E67-E66A-40CB-887B-5BB56AB4C3F6}) (Version: 3.0.223 - Nokia) Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.3.89.0 - Nokia) Nokia Suite (Version: 3.3.89.0 - Nokia) Hidden Notepad++ (HKLM\...\Notepad++) (Version: 5.8.5 - ) Nvu 1.0 (HKLM\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz) OGG to MP3 Converter 1.2 (HKLM\...\{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1) (Version: - OGG to MP3 Converter, freeware convert OGG to MP3 and MP3 to OGG) OJOsoft Total Video Converter (HKLM\...\OJOsoft Total Video Converter_is1) (Version: 2.7.5.0412 - OJOsoft) OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF4819}) (Version: 4.0.3 - dotPDN LLC) PC Connectivity Solution (HKLM\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia) PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.) 
Picture Collage Maker Pro 4.0.1 (HKLM\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.0.1 - PearlMountain Technology Co., Ltd) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poedit (HKLM\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.5.4 - Vaclav Slavik) PST Walker 5.10 (HKLM\...\PST Walker_is1) (Version: - PST Walker Software) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association) Setup1 (HKLM\...\{F6C80B93-EDC2-4D26-AB46-8F5624E70BAE}) (Version: 1.0.0 - Microsoft) Shape Collage (HKLM\...\ShapeCollage) (Version: - Shape Collage Inc.) Sigil 0.6.2 (HKLM\...\Sigil_is1) (Version: - John Schember) Sjboy Beta4 (HKLM\...\Sjboy_is1) (Version: - www.sjboy.cn) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden SMPlayer 0.6.9 (HKLM\...\SMPlayer) (Version: 0.6.9 - RVM) SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden Stellarium 0.11.0 (HKLM\...\Stellarium_is1) (Version: - ) Stop Money Worries (HKLM\...\{230CA1A5-F954-4B05-B746-3AEE5B3F5462}) (Version: 1.02 - Simplicity Programming) Streamripper (Remove only) (HKLM\...\Streamripper) (Version: - ) Studie zur Verbesserung von HP ENVY 4500 series (HKLM\...\{5C3EB7C3-F5CC-479E-A082-B30B950C0AC4}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (HKLM\...\{8F311E72-C27F-4DF0-8254-B739A1831668}_is1) (Version: v2012.build.53 - eRightSoft) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) TheBrain 7 (HKLM\...\1190-3857-8766-9166) (Version: 7.0.4.5 - TheBrain Technologies) TipCam 2.5 Beta (HKLM\...\TipCam) (Version: 2.5 Beta - UTIPU, Inc.) 
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden Total Immersion D'Fusion @Home Web Plug-In (HKLM\...\D'Fusion @Home Web Plug-In) (Version: - Total Immersion) trakAxPC (HKLM\...\{CAB81583-0310-43E1-8E33-0864985EDD67}) (Version: 3.01.1 - HighAndes) TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden Tube Rankster (HKLM\...\{04B1E6A2-F860-471B-AC84-C04725B5825E}) (Version: 2.0.0 - video Shadow) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden tViewer (HKLM\...\{17F689FE-B0CA-4F22-BED2-9756EFC4A1DC}) (Version: 1.0 - NTSoftwares) UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Video Niche Dominator v1.17 (HKLM\...\Video Niche Dominator_is1) (Version: - ) Video Shadow (HKLM\...\{44A31720-8DC7-478C-9737-1054A698434B}) (Version: 2.1.4 - Video Shadow) Viral Submitter Pro (HKLM\...\Viral.Submitter.Pro) (Version: 1.0.1 - Viper Consulting, LLC) Viral Submitter Pro (Version: 1.0.1 - Viper Consulting, LLC) Hidden Viral Toolbar Builder (HKLM\...\Viral Toolbar Builder_is1) (Version: - ) VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN) VoiceBo (HKLM\...\VoiceBo) (Version: 0.9.14 - UNKNOWN) VoiceBo (Version: 0.9.14 - UNKNOWN) Hidden Wav2MP3 Wizard v3.2 (Build 354) (HKLM\...\Wav2MP3 Wizard_is1) (Version: 3.2.354 - Discovery Open-Source Development Group) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Winamp (HKLM\...\Winamp) (Version: 5.623 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live 
Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia) WinHTTrack Website Copier 3.44-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.44.1 - HTTrack) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WinX Free DVD to FLV Ripper 4.3.13 (HKLM\...\WinX Free DVD to FLV Ripper_is1) (Version: - Digiarty Software,Inc.) WinX Free WMV to MP4 Converter 2.0.7 (HKLM\...\WinX Free WMV to MP4 Converter_is1) (Version: - Digiarty Software,Inc.) WinZip (HKLM\...\WinZip) (Version: 8.1 SR-1 (5266g) - WinZip Computing, Inc.) 
Wondershare Data Recovery(Build 4.6.1.3) (HKLM\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.6.1.3 - Wondershare Software Co.,Ltd.) Wondershare Dr.Fone für iOS(Build 3.5.0.25) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 3.5.0.25 - Wondershare Software Co.,Ltd.) WOW Slider (HKLM\...\WOW Slider) (Version: - ) XAMPP 1.8.1 (HKLM\...\xampp) (Version: - ) XMind 2012 (v3.3.1) (HKLM\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.) Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi)) Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_DE_is1) (Version: 15.0.1.5 - ZONER software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2734857389-447802245-3377701426-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Juergen\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 04-08-2014 19:51:23 paint.net v4.0.3 04-08-2014 20:38:26 Installed Java 7 Update 67 14-08-2014 19:22:15 Geplanter Prüfpunkt 17-08-2014 12:29:00 5CentSMS wird installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {03047D74-C667-44DB-92DD-BD2E81F0EE10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {0D5ED7E1-C0CF-4939-9478-2FE5FE615760} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {1BD21F84-4A92-4229-88F7-25B288E736E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30] (Google Inc.) 
Task: {21AE62E0-8482-43FF-B178-4D0CC4FA1784} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08] (Adobe Systems Incorporated) Task: {22E2D6F4-1D6E-442B-AA72-124661383C6F} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.) Task: {2FE9ED40-A9E3-4988-B673-F3034B7CE7F6} - System32\Tasks\{15D4C030-218D-437E-BE0C-04D5B5ADBCE5} => C:\Program Files\Handbrake\Handbrake.exe [2013-05-30] (HandBrake) Task: {5CDEB712-C834-4702-90FD-8C00DC8E2918} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30] (Google Inc.) Task: {65395C5F-21CC-48E3-A631-11C4F225FFDF} - System32\Tasks\{41501BA6-F18C-4C47-8371-E125D89EE17F} => C:\Program Files\Eumex 400\Eumex400.exe Task: {67992341-37AF-44E6-BF4E-A601A0EAA275} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-13] (Google Inc.) Task: {690EAAC6-09C2-4B7A-A9AD-F4E0DC656D2B} - System32\Tasks\Google Updater and Installer => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30] (Google Inc.) Task: {76584874-5CFD-4C4D-87E2-E40DD8E78751} - System32\Tasks\{57F7835F-F1F8-492D-AA02-FFD5F18BEA2B} => C:\Eumex400\Konfig\V1.03.01\Setup.exe Task: {8AE5569D-CB36-4A63-85DA-9E82F5248DE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-13] (Google Inc.) 
Task: {CA795972-B87D-4D03-A4EB-AC43A92D7DF1} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-03-14] () Task: {CAEDB59F-CC5F-4D74-91C0-1B1F30757B60} - System32\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000 => C:\Users\Juergen\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe [2014-08-14] (Citrix Online, a division of Citrix Systems, Inc.) Task: {CF1757AC-8742-4E3C-86B4-274476AF76A4} - System32\Tasks\{B4D9143E-56FC-4708-A1FF-CCF4C15A93B1} => C:\Program Files\Eumex 400\Eumex400.exe Task: {E0511C02-1298-4CD6-9A56-9C34DE1E4939} - System32\Tasks\{FCAF3FCF-07E6-452F-B01A-C16F1B9F6484} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.) Task: {E26D82E4-C0C8-47C9-89A2-FAD718231193} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-21] (Adobe Systems Incorporated) Task: {FFE0339D-091A-475E-ABB4-9A75CFEB4D30} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2734857389-447802245-3377701426-1000.job => C:\Users\Juergen\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000Core.job => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734857389-447802245-3377701426-1000UA.job => C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2010-12-22 08:03 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll 2011-08-19 17:44 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2005-04-06 16:52 - 2005-04-06 16:52 - 00028791 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00057453 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00102515 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\java.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00053364 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00057455 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\net.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00032880 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll 2005-04-06 16:53 - 
2005-04-06 16:53 - 00434255 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 01019904 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll 2010-10-06 02:38 - 2010-02-10 12:34 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2005-04-06 16:53 - 2005-04-06 16:53 - 03502080 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe 2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll 2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-03-09 13:11 - 2014-03-09 13:11 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll 2010-10-06 01:37 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-08-13 16:09 - 2014-08-13 16:09 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll 2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll 2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll 2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2014-08-06 13:48 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Juergen\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2011-06-29 19:59 - 2011-03-31 10:45 - 00061440 _____ () C:\Windows\system32\easyDeskShare.ax 2014-08-21 11:37 - 2014-08-21 11:37 - 
00043008 _____ () c:\users\juergen\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvpwnao.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Juergen\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Juergen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skype.lnk => C:\Windows\pss\Skype.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Classic Start Menu => C:\Program Files\Classic Shell\ClassicStartMenu.exe MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe MSCONFIG\startupreg: Google Update => "C:\Users\Juergen\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: HP Deskjet 3070 B611 series (NET) => "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN23C6C0S005MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1 MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: 
KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: MMReminderService => C:\Program Files\Mindjet\MindManager 11\MMReminderService.exe MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray MSCONFIG\startupreg: NSU_agent => "C:\Program Files\Nokia\Nokia Software Updater 3\nsu3ui_agent.exe" MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RockMelt Update => "C:\Users\Juergen\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui MSCONFIG\startupreg: updateMgr => "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_0 -reboot 1 MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe ==================== Faulty Device Manager Devices ============= Name: Deskjet 3070 B611 series Description: Deskjet 3070 B611 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (08/21/2014 07:03:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 22779016 Error: (08/21/2014 07:03:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 22779016 Error: (08/21/2014 07:03:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/21/2014 00:44:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9375 Error: (08/21/2014 00:44:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9375 Error: (08/21/2014 00:44:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/21/2014 10:42:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 23.0.0.10.in-addr.arpa. PTR Juergen-PC.local. Error: (08/21/2014 10:42:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 10.0.0.23:5353 20 23.0.0.10.in-addr.arpa. PTR Juergen-PC-2.local. Error: (08/21/2014 08:31:16 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (08/20/2014 01:41:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x13e4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 System errors: ============= Error: (08/21/2014 10:42:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: archlp Error: (08/21/2014 10:42:26 AM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! Error: (08/21/2014 10:42:23 AM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! Error: (08/21/2014 10:41:42 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber archlp.sys konnte nicht geladen werden. Error: (08/20/2014 05:24:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error: (08/19/2014 10:14:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: archlp Error: (08/19/2014 10:14:40 PM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! Error: (08/19/2014 10:14:38 PM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! 
Error: (08/19/2014 10:13:55 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber archlp.sys konnte nicht geladen werden. Microsoft Office Sessions: ========================= Error: (08/21/2014 07:03:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 22779016 Error: (08/21/2014 07:03:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 22779016 Error: (08/21/2014 07:03:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/21/2014 00:44:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9375 Error: (08/21/2014 00:44:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9375 Error: (08/21/2014 00:44:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/21/2014 10:42:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 23.0.0.10.in-addr.arpa. PTR Juergen-PC.local. Error: (08/21/2014 10:42:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 10.0.0.23:5353 20 23.0.0.10.in-addr.arpa. PTR Juergen-PC-2.local. 
Error: (08/21/2014 08:31:16 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP ENVY 4500 series\DriverStore\Yeti\V3\amd64\hpinkinsC511.exe Error: (08/20/2014 01:41:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b13e401cfbc43948d646aC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dlle74891a8-285e-11e4-a0a2-404e57434404 ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz Percentage of memory in use: 38% Total physical RAM: 3510.61 MB Available physical RAM: 2162.79 MB Total Pagefile: 7019.5 MB Available Pagefile: 5041.15 MB Total Virtual: 2047.88 MB Available Virtual: 1906.96 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:415.13 GB) (Free:26.88 GB) NTFS Drive d: (Recover) (Fixed) (Total:49.53 GB) (Free:5.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 7A2D7A2D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=415.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=49.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1022 MB) - (Type=12) ==================== End Of Log ============================ |
21.08.2014, 23:49 | #12 |
| PUP.Optional.Delta.A Windows 7 Is that it now? Edited by ergotouch (21.08.2014 at 23:55) |
22.08.2014, 19:23 | #13 |
/// the machine /// TB trainer | PUP.Optional.Delta.A Windows 7 Are there any remaining problems? I would delete the folder "Anderer Rechner" completely.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.08.2014, 02:30 | #14 |
| PUP.Optional.Delta.A Windows 7 Hi schrauber, a quick question to make sure I understand: so far I have run a whole lot of scanners over the PC, deselected the remove option (right?), found a lot of stuff, but... not deleted it? Or did I? I'm somewhat at a loss as to how I should now delete the found items from the folders, or do I not need to do that any more? Were there tools among them that have already done that? Regards ;-) |
23.08.2014, 20:42 | #15 |
/// the machine /// TB trainer | PUP.Optional.Delta.A Windows 7 So far every tool has also deleted what it found. This is purely about ESET. Lots of crap in the folder "alter Rechner", so delete it.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |