Pests of all kinds and how to fight them: Fake invoice from 1&1 opened (Windows 7)
Hello, I carelessly opened an invoice in an email attachment. Afterwards I scanned the computer with Emsisoft; something was found, and I then deleted it with Emsisoft. After that I scanned again with avast and Malwarebytes, and nothing more was found. To be on the safe side, I would like the experienced helpers here to take a look. The computer behaves completely normally, nothing unusual at all. I have created the logs.

Emsisoft scan:
Code:
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 18.11.2014 13:37:00
Benutzerkonto: Admin-PC\Admin

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
PUPs-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 18.11.2014 14:27:10

C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam -> (message 41) -> [Subject: POSTA CERTIFICATA: foto][Date: Tue, 3 Jun 2014 21:07:24 +0200] -> (MIME part) -> (MIME part) -> postacert.eml -> [Subject: foto][Date: Tue, 3 Jun 2014 14:07:33 -0500] -> (MIME part) -> photo.zip -> photo.scr gefunden: Trojan.GenericKD.1703512 (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam -> (message 59) -> [Subject: foto][Date: Tue, 8 Jul 2014 00:06:19 -0500] -> (MIME part) -> photo.zip -> photo.exe gefunden: Backdoor.Agent.ABPE (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam -> (message 98) -> [Subject: foto][Date: Tue, 12 Aug 2014 12:23:33 -0500] -> (MIME part) -> photo.zip -> photo.scr gefunden: Trojan.Agent.BGEB (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam -> (message 104) -> [Subject: foto][Date: Wed, 20 Aug 2014 22:21:04 -0500] -> (MIME part) -> photo.zip -> photo.scr gefunden: Trojan.GenericKD.1815331 (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash -> (message 61) -> [Subject: foto][Date: Tue, 8 Jul 2014 00:06:19 -0500] -> (MIME part) -> photo.zip -> photo.exe gefunden: Backdoor.Agent.ABPE (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash -> (message 107) -> [Subject: foto][Date: Tue, 12 Aug 2014 12:23:33 -0500] -> (MIME part) -> photo.zip -> photo.scr gefunden: Trojan.Agent.BGEB (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash -> (message 110) -> [Subject: foto][Date: Tue, 12 Aug 2014 12:23:33 -0500] -> (MIME part) -> photo.zip -> photo.scr gefunden: Trojan.Agent.BGEB (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash -> (message 115) -> [Subject: foto][Date: Wed, 20 Aug 2014 22:21:04 -0500] -> (MIME part) -> photo.zip -> photo.scr gefunden: Trojan.GenericKD.1815331 (B)

Gescannt 220010
Gefunden 8

Scan Ende: 18.11.2014 15:38:59
Scan Zeit: 1:11:49

C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash Gelöscht Trojan.GenericKD.1815331 (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam Gelöscht Trojan.GenericKD.1815331 (B)

Gelöscht 2

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014 Ran by Admin (administrator) on ADMIN-PC on 20-11-2014 12:06:56 Running from C:\Users\Admin\Desktop Loaded Profile: Admin (Available profiles: Admin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 
S-Edition\ouservice\StarMoneyOnlineUpdate.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (BonSoft) C:\Program Files (x86)\ClocX\ClocX.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED) HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions) HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [270336 2007-07-26] (BonSoft) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-12] (AVAST Software) HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-10-13] (Emsisoft GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-01-20] () HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-03-13] () HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [CCleaner 
Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd) HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\MountPoints2: {15735cfd-2a55-11e2-8e70-e0ca94af79b9} - D:\SETUP.EXE HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\MountPoints2: {4f5e6cee-2b22-11e2-9d91-e0ca94af79b9} - D:\SETUP.EXE Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fc-hansa.de/ HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL No File BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll No File Toolbar: HKLM - avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - No File DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ] Hosts: 127.0.0.1 license.superantispyware.com Tcpip\Parameters: [DhcpNameServer] 83.169.185.225 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default FF DefaultSearchEngine,S: FF SearchEngineOrder.1,S: FF SelectedSearchEngine,S: FF Homepage: hxxp://www.fc-hansa.de/ FF NetworkProxy: "no_proxies_on", "dynhost.inetcam.com,register.inetcam.com,*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: 
@videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll No File FF Plugin HKU\S-1-5-21-2527506857-1470243597-2188628-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\searchplugins\sgb-ii---gebe--ein---.xml FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\searchplugins\suche-urteil-nach-begriff-auf-sozialgerichtsbarkeitde.xml FF Extension: German Dictionary - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-07] FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\de_DE@dicts.j3e.de [2014-09-18] FF Extension: Conduit Engine - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\engine@conduit(2).com [2012-11-08] FF Extension: Advanced SystemCare Surfing Protection - 
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-14] FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-11-08] FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(2) [2012-11-08] FF Extension: ColorfulTabs - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-10-31] FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-11-09] FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2012-11-08] FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(3) [2012-11-08] FF Extension: Flagfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2012-11-08] FF Extension: Metal Lion - Vista - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}(2) [2012-11-08] FF Extension: Tab Preview - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991} [2012-11-08] FF Extension: InFormEnter - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2013-10-19] FF Extension: Nautipolis for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}(2) [2012-11-08] FF Extension: NoScript - 
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2012-11-08] FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: ReminderFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2) [2012-11-08] FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}(2) [2012-11-08] FF Extension: SearchPreview - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-21] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-11-08] FF Extension: Classic Theme Restorer - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-04-30] FF Extension: Personas Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\personas@christopher.beard.xpi [2013-08-15] FF Extension: FastestFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\smarterwiki@wikiatic.com.xpi [2012-11-08] FF Extension: Screengrab (fix version) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-10-01] FF Extension: Flagfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-11-12] FF Extension: Download Status Bar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-23] FF Extension: Show MyIP - 
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}.xpi [2012-11-08] FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-08] FF Extension: FootieFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2012-11-08] FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-08] FF Extension: BetterPrivacy - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-15] FF Extension: Tab Mix Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-11-08] FF Extension: QuickStores-Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de [2014-11-10] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-11-10] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-02] FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found] FF Extension: No Name - wrc@avast.com [Not Found] Chrome: ======= CHR HomePage: Default -> www.google.com CHR StartupUrls: Default -> "hxxp://www.fc-hansa.de/", "hxxp://www.google.com/" CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20] CHR Extension: (Actual Date) - 
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokomghjcfmiofmackdbpjleianepgih [2014-03-21] CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20] CHR Extension: (Splendid) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2014-03-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18] CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20] CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-20] CHR Extension: (TrafficLight) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-03-21] CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20] CHR Extension: (Downloadr - Download Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2014-03-21] CHR Extension: (avast! 
Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-20] CHR Extension: (Search View\r\n) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagfpkaleocohbmlifdhhmodcpmdhem [2014-03-20] CHR Extension: (Wetter Weltweit) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbmknmpendafnnkibphfmeeljfdomgk [2014-03-20] CHR Extension: (Erfassen Webseite Screenshot - FireShot) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2014-03-21] CHR Extension: (FastestFox – Schneller browsen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-03-21] CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20] CHR Extension: (Clock & Stoppuhr) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenbafpkokgkppmcadhgjinfgapnjko [2014-03-20] CHR Extension: (Google Calendar Checker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2014-03-20] CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software) R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-12] (AVAST Software) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-14] (IObit) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed] R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-30] (TuneUp Software) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-07] (Disc Soft Ltd)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvd.sys [70256 2011-10-26] (Miray)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 12:04 - 2014-11-20 12:06 - 00029868 _____ () C:\Users\Admin\Desktop\Addition.txt 2014-11-20 12:03 - 2014-11-20 12:07 - 00029844 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-11-20 12:02 - 2014-11-20 12:07 - 00000000 ____D () C:\FRST 2014-11-20 12:00 - 2014-11-20 12:00 - 02117120 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-11-20 03:56 - 2014-11-20 03:56 - 00000000 ____D () C:\ProgramData\Licenses 2014-11-19 18:10 - 2014-11-19 18:10 - 00000000 ____D () C:\Windows\ERUNT 2014-11-19 17:39 - 2014-11-19 17:47 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-11-19 09:32 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 09:32 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 09:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 09:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-18 21:35 - 2014-11-20 10:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-18 21:34 - 2014-11-18 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-18 21:34 - 2014-11-18 21:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-18 21:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-18 21:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-18 21:34 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-18 12:42 - 2014-11-18 12:42 - 00000375 _____ () C:\Users\Admin\Documents\autoplay_repair.zip 2014-11-17 16:42 - 2014-11-17 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-11-17 16:41 - 2014-11-17 
16:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-11-17 16:41 - 2014-11-17 16:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-11-15 18:19 - 2014-11-15 18:19 - 00079991 _____ () C:\Users\Admin\Documents\silverlight.diagcab 2014-11-14 21:43 - 2014-11-20 10:04 - 00831975 _____ () C:\Windows\WindowsUpdate.log 2014-11-14 21:38 - 2014-11-20 09:58 - 00000896 _____ () C:\Windows\setupact.log 2014-11-14 21:38 - 2014-11-19 15:20 - 00003014 _____ () C:\Windows\PFRO.log 2014-11-14 21:38 - 2014-11-14 21:38 - 00000000 _____ () C:\Windows\setuperr.log 2014-11-14 16:25 - 2014-11-14 16:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ABBYY 2014-11-14 16:01 - 2014-11-14 16:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-11-14 14:16 - 2014-11-14 14:16 - 00139996 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-11-14 14:14 - 2014-11-14 14:32 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-11-14 12:55 - 2014-11-14 12:55 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2014-11-14 12:51 - 2014-11-14 12:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer 2014-11-14 12:51 - 2014-11-14 12:51 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-11-14 12:49 - 2014-11-14 12:49 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin 2014-11-13 00:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 00:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 00:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 00:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 00:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 00:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) 
C:\Windows\system32\iesetup.dll 2014-11-13 00:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 00:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 00:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 00:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 00:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 00:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 00:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 00:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 00:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 00:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 00:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 00:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 00:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 00:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 00:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 00:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 00:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 00:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 00:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 00:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 00:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 00:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 00:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 00:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 00:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 00:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 00:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 00:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 00:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 00:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 00:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 00:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 00:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 00:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 00:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 00:08 - 2014-11-06 03:37 - 00168960 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 00:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 00:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 00:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 00:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 00:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 00:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 00:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 00:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 00:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 00:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 00:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 00:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 00:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 00:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-12 21:46 - 2014-11-14 15:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2014-11-12 21:45 - 2014-11-18 22:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\JDownloader 2.0 2014-11-12 18:03 - 2014-11-12 18:03 - 04918960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-11-12 15:40 - 2014-11-12 15:40 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2014-11-12 15:38 - 2014-11-12 15:37 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-12 15:37 - 2014-11-12 15:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-12 15:36 - 2014-11-12 15:36 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-11-12 10:05 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 10:05 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 10:05 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 10:05 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 10:05 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 10:05 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 10:05 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-12 10:05 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 10:05 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 10:04 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-12 10:04 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-12 10:04 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-12 01:19 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 01:19 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 01:19 - 2014-10-03 03:11 - 00440832 _____ (Microsoft 
Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 01:19 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 01:19 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 01:19 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 01:19 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 01:19 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 01:19 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 01:19 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 01:19 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 01:19 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 01:19 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 01:19 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-12 01:18 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 01:18 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 01:18 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 01:18 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 01:18 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 01:18 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 01:18 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys 2014-11-12 01:18 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 01:18 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 01:18 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 01:18 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 01:18 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 01:18 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 01:18 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-12 01:18 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 01:18 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-12 01:18 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-12 01:18 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-12 01:18 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-10 17:27 - 2014-11-10 17:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-05 17:54 - 2014-11-05 17:57 - 00000000 ____D () C:\Users\Admin\Documents\Energie sparen ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-20 12:02 - 2012-11-08 23:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-20 12:00 - 2014-06-19 10:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-11-20 11:49 - 2013-05-15 11:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spamihilator 2014-11-20 11:47 - 2012-11-13 16:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TVgenial 2014-11-20 11:43 - 2012-11-09 02:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc 2014-11-20 11:35 - 2014-03-20 12:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-20 10:06 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-20 10:06 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-20 10:00 - 2013-04-02 12:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-11-20 10:00 - 2012-11-09 00:40 - 00000000 ____D () C:\Users\Admin\.rainlendar2 2014-11-20 09:59 - 2014-03-20 12:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-20 09:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-19 22:03 - 2014-03-13 20:07 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition 2014-11-19 19:40 - 2012-11-09 15:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2014-11-19 01:21 - 2011-02-14 13:57 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-11-19 01:21 - 2011-02-14 13:57 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-11-19 01:21 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-18 21:56 - 2014-01-09 01:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\entrusted 2014-11-18 21:34 - 2012-11-17 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-18 19:14 - 2012-11-08 23:15 - 00000000 ____D () C:\temp 
2014-11-18 12:54 - 2012-11-11 00:21 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss 2014-11-17 20:24 - 2013-09-05 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\BOM 2014-11-17 16:17 - 2014-05-01 22:59 - 00000000 ____D () C:\ProgramData\ProductData 2014-11-17 10:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-16 22:32 - 2012-11-08 23:19 - 00000000 ____D () C:\Users\Admin\Documents\Urteile 2014-11-14 19:10 - 2012-12-09 19:20 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job 2014-11-14 16:01 - 2012-08-27 21:30 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2014-11-14 14:43 - 2013-08-21 08:12 - 00109672 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-14 14:41 - 2013-08-21 08:11 - 00419856 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-14 14:40 - 2014-05-01 22:59 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-11-14 14:40 - 2012-11-09 20:02 - 00000000 ____D () C:\Program Files (x86)\Nuance 2014-11-14 14:34 - 2012-11-11 14:34 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-11-14 14:34 - 2012-08-27 21:27 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-14 14:21 - 2012-11-08 23:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe 2014-11-14 13:05 - 2012-08-28 06:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-14 12:51 - 2014-05-01 22:59 - 00000000 ____D () C:\ProgramData\IObit 2014-11-14 12:50 - 2013-09-23 10:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit 2014-11-14 12:49 - 2014-05-01 22:59 - 00001254 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-11-14 12:49 - 2014-05-01 22:59 - 00001230 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-11-14 12:47 - 2012-11-09 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 8 2014-11-14 12:45 - 2012-11-09 20:04 - 00000000 ____D () 
C:\Users\Admin\AppData\Roaming\Zeon 2014-11-14 12:45 - 2012-11-09 20:04 - 00000000 ____D () C:\ProgramData\Nuance 2014-11-14 12:44 - 2012-08-27 21:28 - 00000000 ____D () C:\ProgramData\Temp 2014-11-14 12:23 - 2012-11-11 23:52 - 00000000 ____D () C:\ProgramData\RFA_Backups 2014-11-14 10:39 - 2014-02-23 15:53 - 00000000 ____D () C:\Program Files\Adblock Plus for IE 2014-11-14 10:39 - 2012-12-24 20:29 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab 2014-11-12 21:58 - 2012-11-09 00:21 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-11-12 20:30 - 2014-03-20 12:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-12 20:30 - 2014-03-20 12:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-12 18:03 - 2012-11-08 23:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-12 18:03 - 2012-11-08 23:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-12 18:03 - 2012-11-08 23:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-12 16:31 - 2014-04-14 22:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-11-12 15:37 - 2014-04-17 20:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-11-12 15:37 - 2013-12-18 08:37 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-11-12 15:37 - 2013-04-02 12:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-11-12 15:37 - 2013-04-02 12:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-11-12 15:37 - 2013-04-02 12:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-11-12 15:37 - 2013-04-02 12:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-11-12 15:37 - 2013-04-02 12:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-11-12 15:36 - 2014-03-31 00:19 - 00028184 _____ (AVAST 
Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-11-12 15:36 - 2013-04-02 12:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-11-12 14:25 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-12 10:21 - 2012-11-10 15:38 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-12 10:17 - 2013-08-13 23:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 10:09 - 2012-11-09 13:38 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 17:58 - 2012-11-08 23:18 - 00000000 ____D () C:\Users\Admin\Documents\SG 2014-11-11 07:05 - 2012-11-08 23:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-09 00:48 - 2013-11-12 15:26 - 00000000 ____D () C:\Users\Admin\Documents\Microsoft Toolkit v 2.4 BETA 6 2014-11-07 08:05 - 2012-11-09 02:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-11-06 12:07 - 2012-11-09 02:32 - 00001157 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-11-06 12:07 - 2012-11-09 02:32 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-04 10:13 - 2012-11-11 02:40 - 00000000 ____D () C:\Program Files\BatteryBar 2014-10-31 19:28 - 2012-11-08 23:18 - 00000000 ____D () C:\Users\Admin\Documents\Strom,Finanzen 2014-10-27 19:48 - 2012-11-08 23:17 - 00000000 ____D () C:\Users\Admin\Documents\JC Lübeck 2014-10-21 17:00 - 2012-11-20 00:42 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler 2014-10-21 11:02 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-10-21 00:44 - 2014-08-23 09:26 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-10-21 00:43 - 2013-06-28 22:34 - 00000000 ____D () C:\Program Files\Java Some content of TEMP: ==================== 
C:\Users\Admin\AppData\Local\Temp\proxy_vole7153334352871499948.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\{FCD06E32-7858-4358-AD18-1B914086B950}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-17 10:48

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by Admin at 2014-11-20 12:07:46
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2020 Musterbriefe (HKLM-x32\...\2020 Musterbriefe) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - ) Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.) Brother MFL-Pro Suite (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.) calibre (HKLM-x32\...\{4A3FCC59-5231-4634-882C-BF8B511392C5}) (Version: 0.9.5 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP) ClocX (1.5b2) (HKLM-x32\...\ClocX) (Version: - ) Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack) concept/design Video Jukebox (HKLM-x32\...\{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1) (Version: 1.3.0.0 - concept/design GmbH) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd) DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions) Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH) Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version: - ) Flatcast Viewer Plugin 5.3.0.784 (HKLM-x32\...\Flatcast Viewer 5.3_is1) (Version: - 1 mal 1 Software GmbH) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version: - ) Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED) Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden Fujitsu 
MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: - ) Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: - ) Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden GIANTS Editor 4.1.7 (HKLM-x32\...\giants_editor_4.1.7_is1) (Version: 4.1.7 - GIANTS Software GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.) Google Earth (HKLM-x32\...\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}) (Version: 7.0.1.8244 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) HDClone 4.1 Professional Edition (HKLM-x32\...\HDClone.Professional.4.1.1.1031-{67D3C96E-256B-4739-A8E2-452E354256AB}) (Version: - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.30 - IObit) Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software) LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: - ) LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden Malwarebytes 
Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
POIbase 1.071 (HKLM-x32\...\POIbase_is1) (Version: - POIbase)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Registry First Aid (HKLM\...\Registry First Aid_is1) (Version: 8.0.1 - RoseCitySoftware)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Spamihilator 1.5.0 (64-Bit) (HKLM\...\{A0D450C6-07C4-40C7-8D2B-840565E91987}) (Version: 1.5.0 - Michel Krämer)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney 9.0 S-Edition (HKLM-x32\...\{DBE4B37E-4FF1-47AB-964E-DEF9AE2BE945}) (Version: 9.0 - Star Finanz GmbH)
Steganos Live Encryption Engine 17 (HKLM-x32\...\{C2490885-D566-405F-889B-670C6CF0F7F2}) (Version: 17.4.1 - Steganos Software GmbH)
Steganos Safe 2012 (HKLM-x32\...\{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}) (Version: 13.0.5 - Steganos Software GmbH)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2013.181 - TuneUp Software) Hidden
TVgenial 4.10 (HKLM-x32\...\TVgenial) (Version: - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1420 - 1&1 Mail & Media GmbH)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Care 365 version 2.13 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.13 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2527506857-1470243597-2188628-1000_Classes\CLSID\{BABBB895-2A46-9F8D-0675-47C14CD8DC6B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points =========================

14-11-2014 15:14:54 IObit Uninstaller restore point
14-11-2014 15:15:31 Removed ABBYY PDF Transformer+.
14-11-2014 15:21:41 Installed MSXML 6.0 Parser
14-11-2014 15:22:18 Installed ABBYY PDF Transformer+.
14-11-2014 16:12:47 IObit Uninstaller restore point
14-11-2014 20:32:37 Removed Microsoft Silverlight
15-11-2014 16:58:45 Removed Microsoft Silverlight
18-11-2014 09:41:45 Windows Update
18-11-2014 11:52:29 18.11.2014
19-11-2014 10:49:37 Windows Update
20-11-2014 03:21:53 IObit Uninstaller restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-11-21 13:25 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 license.superantispyware.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DA7F2DC-FD24-4FDC-8EFD-204F450B8B3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {1EE66555-4CF6-4A6C-8FE1-205ADB9FA24B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {35040037-69DE-4DA4-B70A-3AC945807111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {573394D3-D980-4441-9FB2-512267D5D98E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {7E5D6BE3-0DBF-4103-B670-FA04DF7DEA6A} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-14] (IObit)
Task: {929A3209-33CA-4821-9200-550C9E3E0AA4} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe [2012-12-06] (WiseCleaner.com)
Task: {96C1FA8A-105E-4A2F-ACA6-96D0E88E272B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AFD00B44-D5F7-41C1-9477-E5B496010B55} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-30] (TuneUp Software)
Task: {CE9B0183-44B2-4378-B09C-A19A8851D0CD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {D687F713-EC7E-4CA3-AFEE-52C8C2CFB1C7} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-14] (IObit)
Task: {DF6CBB72-ADF5-4B57-AA51-92D5990F899B} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {E8896730-5B41-4DCE-AD4A-15C5E403889C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {EF8F8D2E-9EE5-4E90-806E-45E21BE6A4F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
Task: {F252A6B8-7F16-47BA-85A2-AA12DB8D2902} - System32\Tasks\Fujitsu\DeskUpdate => C:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {F72513FD-847C-4B08-93CC-B72240896256} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Registry First Aid auto.job => C:\Program Files\RFA 8\reg1aid64.exe
Task: C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-11-08 23:13 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 08:48 - 2014-01-20 08:48 - 04411488 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () C:\Program Files\Rainlendar2\lua52.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00323584 _____ () C:\Program Files\Rainlendar2\libical.dll
2014-01-20 08:48 - 2014-01-20 08:48 - 00082528 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00080384 _____ () C:\Program Files\Rainlendar2\libicalss.dll
2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () C:\Program Files\Rainlendar2\lfs.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 11:51 - 2013-05-15 11:51 - 00073728 _____ () C:\Program Files\Spamihilator\zlib1.dll
2013-05-15 11:51 - 2013-05-15 11:51 - 00380928 _____ () C:\Program Files\Spamihilator\sqlite3.dll
2013-08-30 08:51 - 2013-08-30 08:51 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-06-19 10:48 - 2014-10-06 16:53 - 00775400 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-11-19 22:17 - 2014-11-19 22:17 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111901\algo.dll
2014-11-20 10:00 - 2014-11-20 10:00 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14112000\algo.dll
2014-07-31 12:41 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\PATCHW32.dll
2014-11-12 15:37 - 2014-11-12 15:37 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-10 17:27 - 2014-11-10 17:27 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AEC0AC81

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53671882.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78539563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53671882.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78539563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Admin (S-1-5-21-2527506857-1470243597-2188628-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2527506857-1470243597-2188628-500 - Administrator - Disabled)
Gast (S-1-5-21-2527506857-1470243597-2188628-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2527506857-1470243597-2188628-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2014 09:59:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 04:14:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 04:10:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm trupd.exe, Version 1.3.8.1102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1598
Startzeit: 01d0046f6514b256
Endzeit: 14
Anwendungspfad: C:\Program Files (x86)\Trojan Remover\trupd.exe
Berichts-ID: b2d7e20e-7062-11e4-924c-e0ca94af79b9

Error: (11/19/2014 07:40:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: a2start.exe, Version: 9.0.0.4570, Zeitstempel: 0x543c0095
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037017
ID des fehlerhaften Prozesses: 0x7b8
Startzeit der fehlerhaften Anwendung: 0xa2start.exe0
Pfad der fehlerhaften Anwendung: a2start.exe1
Pfad des fehlerhaften Moduls: a2start.exe2
Berichtskennung: a2start.exe3

Error: (11/19/2014 06:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 05:53:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 05:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 03:21:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 09:22:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 10:00:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.8.4.0, Zeitstempel: 0x51352df8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00042016
ID des fehlerhaften Prozesses: 0xae0
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

System errors:
=============
Error: (11/19/2014 10:48:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (11/19/2014 02:52:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (11/19/2014 02:52:16 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/19/2014 02:52:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (11/18/2014 08:48:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Unterstützung für Bluetooth-Funktionen" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 9.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PowerSavingUtilityService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Microsoft Office Sessions:
=========================
Error: (11/20/2014 09:59:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 04:14:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 04:10:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: trupd.exe1.3.8.1102159801d0046f6514b25614C:\Program Files (x86)\Trojan Remover\trupd.exeb2d7e20e-7062-11e4-924c-e0ca94af79b9

Error: (11/19/2014 07:40:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: a2start.exe9.0.0.4570543c0095KERNELBASE.dll6.1.7601.1840953159a86c0000005000370177b801d0041d58d3a8c3C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exeC:\Windows\syswow64\KERNELBASE.dll8816ba89-701b-11e4-924c-e0ca94af79b9

Error: (11/19/2014 06:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 05:53:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 05:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 03:21:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 09:22:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 10:00:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecQtCore4.dll4.8.4.051352df8c000000500042016ae001d0036f24bdc185C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \QtCore4.dllf96a8491-6f65-11e4-8ec2-e0ca94af79b9

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 53%
Total physical RAM: 3892.55 MB
Available physical RAM: 1796.4 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 4922.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:378.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A79E64B7)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Ostseewind (20.11.2014 at 12:43)