| |
| |||||||
Log-Analyse und Auswertung: Windows - Browser langsam und viel Werbung (v.a. Ads by Softonic)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
15.12.2014, 13:24
| #1 |
| |  Windows - Browser langsam und viel Werbung (v.a. Ads by Softonic) Hallo, ich habe folgendes Problem. Auf meinem Computer gibt es vier Benutzer, wobei 2 von mir benutzt werden und die anderen 2 eher selten. Der am meisten verwendete Benutzer ist zugleich auch der Admin und hat im Grunde kein Problem mit Werbung im Internet, wohl aber mit Abstürzen oder Aufhängen des Systems. Der Computer lässt dann nichts zu und reagiert auf keine Tasten mehr. Oft hilft dann nur noch ein Neustart mittels Stromzufuhr kappen. Der zweite Benutzer hat schon beim Öffnen des Browsers Probleme. Öffnet mehrere Fenster zugleich, mega viel Werbung (z.B. Ads by Softonic, by Certified Deals, Buzzwok,...) und ist ebenfalls sehr langsam. Hängt sich natürlich ebenso auf und das Arbeiten wird zur Geduldsprobe. Vorab noch eine Frage von mir, da ich mich doch nicht so gut auskenne. Macht es einen Unterschied auf welchem Benutzer ich die Scans mache, oder ist dies egal? Die Logs, die nun angehängt sind, stammen nämlich vom Admin Benutzer. Klammer hofft auf Hilfe  LG Klammer Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:08 on 15/12/2014 (Büro)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Büro (administrator) on BÜRO-PC on 15-12-2014 12:10:55
Running from C:\Users\Büro\Downloads
Loaded Profile: Büro (Available profiles: Büro & Stefan & Bernd & EM & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe
( ) C:\Windows\System32\lxeacoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(deltra Business Software GmbH & Co. KG) C:\orgaMAX\orgamaxmobil_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Windows Net) C:\Users\Büro\AppData\Roaming\Windows Net Data\net.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database_39a44b\bin\FABS.exe
(Dropbox, Inc.) C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [148280 2011-01-23] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNzU3MTQ4NTcyLVRVRyszLUZMMTArMS1DSVArMi1MSUMrOC1MU0QrMi1ERFQrNDU1MC1ERDEwRisxLVNUMTBGQVBQKzE"&"prod=55"&"ver=10.0.1410
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2254223512-4089559681-775813960-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-18] (Google Inc.)
HKU\S-1-5-21-2254223512-4089559681-775813960-1001\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2254223512-4089559681-775813960-1001\...\Run: [GoogleChromeAutoLaunch_6140041F20F3A411AF98CE953519BD21] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-2254223512-4089559681-775813960-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2254223512-4089559681-775813960-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 5.1 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Büro\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380615634805&tguid=66920-6787-1380615634805-F4B57BC18480E8F0A42148D3E521CDEC&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380615634805&tguid=66920-6787-1380615634805-F4B57BC18480E8F0A42148D3E521CDEC&st=chrome&q=
HKU\S-1-5-21-2254223512-4089559681-775813960-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380615634805&tguid=66920-6787-1380615634805-F4B57BC18480E8F0A42148D3E521CDEC&st=chrome&q=
HKU\S-1-5-21-2254223512-4089559681-775813960-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.org/?sc=de
HKU\S-1-5-21-2254223512-4089559681-775813960-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - findr Toolbar - {4373e9b4-0a12-4112-8e3d-36ded19ee3dd} - C:\Program Files (x86)\findr\prxtbfind.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380615634805&tguid=66920-6787-1380615634805-F4B57BC18480E8F0A42148D3E521CDEC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> {0B8C178D-3047-45BB-A4F9-0303EB2AF414} URL = hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=at
SearchScopes: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119528&babsrc=SP_ss&mntrId=3a561626000000000000c03f0e42b708
SearchScopes: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> {14F606B2-2F7C-4FEE-B81F-22DDAE4BEAE6} URL = hxxp://search.softonic.com/MOY00358/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=3a561626000000000000bcaec5b38a94&r=895
SearchScopes: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=3a561626000000000000c03f0e42b708&tlver=1.4.19.19&ss=1&affID=17395
SearchScopes: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> {9713B8A4-40C7-43A3-BC5B-3CAE923B6116} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
SearchScopes: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380615634805&tguid=66920-6787-1380615634805-F4B57BC18480E8F0A42148D3E521CDEC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> {F3AD6E52-CB14-4BE7-97F8-81C50B277138} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MGX&o=15359&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=JQ&apn_dtid=YYYYYYYYAT&apn_uid=45856D8A-38ED-4E20-8B55-DC1261A8D291&apn_sauid=985A0CCD-B9AA-4648-B44D-09C8D40D9DBC
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: CescrtHlpr Object -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: findr Toolbar -> {4373e9b4-0a12-4112-8e3d-36ded19ee3dd} -> C:\Program Files (x86)\findr\prxtbfind.dll (Conduit Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HomeTab -> {a25e7121-3dd8-41b3-855b-756c5bc45449} -> C:\Users\Büro\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: MAGIX Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
BHO-x32: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll (Hewlett-Packard)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - MAGIX Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - findr Toolbar - {4373e9b4-0a12-4112-8e3d-36ded19ee3dd} - C:\Program Files (x86)\findr\prxtbfind.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Büro\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2254223512-4089559681-775813960-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254 213.33.99.70
FireFox:
========
FF ProfilePath: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default
FF NewTab: about:home
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Web Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380615634805&tguid=66920-6787-1380615634805-F4B57BC18480E8F0A42148D3E521CDEC&st=chrome&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\2020Player_IKEA@2020Technologies.com [2012-09-26]
FF Extension: Microsoft Default Manager - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\DefaultManager@Microsoft [2011-04-25]
FF Extension: pricealarm - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-10-01]
FF Extension: Babylon - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\ffxtlbr@babylon.com [2011-10-01]
FF Extension: Delta Toolbar - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\ffxtlbr@delta.com [2013-02-03]
FF Extension: Softonic Toolbar - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\ffxtlbra@softonic.com [2012-02-27]
FF Extension: HP Smart Print - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\hpwebprint@hpwebprint.com [2012-12-27]
FF Extension: MAGIX Toolbar - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\toolbar@ask.com [2012-07-04]
FF Extension: DVDVideoSoftTB Community Toolbar - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013-12-04]
FF Extension: HomeTab - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} [2013-10-01]
FF Extension: FoxyDeal - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-10-01]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Ecosia - The search engine that plants trees - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2011-04-18]
FF Extension: Adblock Plus - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\50toe9zk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-02]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2012-12-28]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Bro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll No File
CHR Plugin: (Free Studio) - C:\Users\Bro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Profile: C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (FoxyDeal) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan [2013-10-01]
CHR Extension: (HomeTab) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddpogknpjlgfpbboediomaiiaecfajn [2013-12-19]
CHR Extension: (YouTube) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-30]
CHR Extension: (Google-Suche) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-30]
CHR Extension: (Babylon Translator) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-08-30]
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-09-19]
CHR Extension: (Delta Toolbar) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-02-04]
CHR Extension: (No Name) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-10-01]
CHR Extension: (AVG Secure Search) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-30]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-12-10]
CHR Extension: (Google Wallet) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19]
CHR Extension: (Google Mail) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-30]
CHR HKU\S-1-5-21-2254223512-4089559681-775813960-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx [2010-12-28]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Büro\AppData\Roaming\Delta\delta.crx [2012-11-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database_39a44b\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database_39a44b\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-09-28] (AVG Technologies)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2010-05-20] ()
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
S3 AIDA64Driver; \??\E:\Programme\aida64extreme120\kerneld.x64 [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 12:10 - 2014-12-15 12:12 - 00029895 _____ () C:\Users\Büro\Downloads\FRST.txt
2014-12-15 12:10 - 2014-12-15 12:11 - 00000000 ____D () C:\FRST
2014-12-15 12:10 - 2014-12-15 12:10 - 02119168 _____ (Farbar) C:\Users\Büro\Downloads\FRST64.exe
2014-12-15 12:08 - 2014-12-15 12:08 - 00000470 _____ () C:\Users\Büro\Desktop\defogger_disable.log
2014-12-15 12:08 - 2014-12-15 12:08 - 00000000 _____ () C:\Users\Büro\defogger_reenable
2014-12-15 12:07 - 2014-12-15 12:07 - 00050477 _____ () C:\Users\Büro\Downloads\Defogger.exe
2014-12-13 11:56 - 2014-12-13 11:56 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-13 04:39 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-13 04:39 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-13 04:39 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-13 04:39 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-13 04:39 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-13 04:39 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-13 04:39 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-13 04:39 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-13 04:39 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-13 04:39 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-12 18:14 - 2014-12-12 18:19 - 23973300 _____ () C:\Users\Büro\Downloads\SkypeSetupFull.exe.t37w5j0.partial
2014-12-12 10:34 - 2014-11-21 09:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 10:34 - 2014-11-21 09:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-12 10:34 - 2014-11-21 09:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 10:34 - 2014-11-21 09:37 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 10:34 - 2014-11-21 09:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-12 10:34 - 2014-11-21 09:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 10:34 - 2014-11-21 08:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 10:34 - 2014-11-21 08:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 10:34 - 2014-11-21 08:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 10:34 - 2014-11-21 08:17 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 10:34 - 2014-11-21 08:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-12 10:34 - 2014-11-21 08:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 10:34 - 2014-11-21 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 10:34 - 2014-11-21 08:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-12 10:34 - 2014-11-21 08:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 10:34 - 2014-11-21 07:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 10:34 - 2014-11-21 07:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-12 10:34 - 2014-11-21 07:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-12 10:34 - 2014-11-21 07:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-12 10:34 - 2014-11-21 06:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-12 10:33 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-12 10:33 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-12 10:33 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-12 10:33 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-12 10:33 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-12 10:33 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-12 10:33 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-12 10:33 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-12 10:33 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 10:33 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 10:33 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 10:32 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 10:32 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-12 10:32 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 10:32 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-12 10:32 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 10:32 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 10:32 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 10:32 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 10:32 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 10:32 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 10:32 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 10:32 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 10:32 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 10:32 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-11-19 08:18 - 2014-11-19 08:18 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Avg
2014-11-19 08:18 - 2014-11-19 08:18 - 00000000 ____D () C:\Users\EM\AppData\Local\Avg
2014-11-19 08:18 - 2014-11-19 08:18 - 00000000 ____D () C:\Users\Büro\AppData\Local\Avg
2014-11-19 08:18 - 2014-11-19 08:18 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Avg
2014-11-19 08:07 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 08:07 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 08:07 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 08:07 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 12:08 - 2011-04-16 18:57 - 00000000 ____D () C:\Users\Büro
2014-12-15 12:06 - 2013-11-22 08:46 - 00000000 ____D () C:\Users\Büro\Documents\Gesendete Mails Sicherungsordner
2014-12-15 12:06 - 2013-11-12 21:17 - 00000000 ____D () C:\Users\Büro\AppData\Local\0DB2EAE9-AEC8-4BA7-BF14-507DB74FB200.aplzod
2014-12-15 12:00 - 2011-03-30 13:52 - 01062793 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 11:28 - 2012-05-04 18:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 11:22 - 2011-04-18 06:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 11:16 - 2013-06-03 05:34 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-12-15 11:16 - 2011-04-18 06:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 11:16 - 2011-04-16 19:53 - 00343079 _____ () C:\ProgramData\lxeascan.log
2014-12-15 11:11 - 2011-04-16 20:02 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-15 07:32 - 2009-07-14 05:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 07:32 - 2009-07-14 05:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 20:40 - 2011-05-28 19:03 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2BC334D9-6537-4807-9630-1CA2BC9FB0B1}
2014-12-13 14:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 12:26 - 2012-06-03 18:16 - 00000000 ___RD () C:\Users\Büro\Dropbox
2014-12-13 12:26 - 2012-06-03 18:14 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\Dropbox
2014-12-13 12:25 - 2012-06-03 18:15 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-13 12:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-13 12:19 - 2009-07-14 05:51 - 00066807 _____ () C:\Windows\setupact.log
2014-12-13 11:56 - 2014-05-01 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-13 11:40 - 2011-04-16 19:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 10:15 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-13 06:12 - 2011-09-08 08:47 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 03:04 - 2013-01-16 09:18 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 10:13 - 2013-03-26 20:28 - 00000000 ____D () C:\Users\EM
2014-12-12 10:13 - 2012-07-04 16:17 - 00000000 ____D () C:\Users\Bernd
2014-12-12 10:13 - 2011-04-30 12:22 - 00000000 ____D () C:\Users\Gast
2014-12-12 10:13 - 2011-04-18 15:10 - 00000000 ____D () C:\Users\Stefan
2014-12-12 10:13 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-12 10:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-12-12 10:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-12 10:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-12 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 18:28 - 2012-05-04 18:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:28 - 2012-05-04 18:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 18:28 - 2011-08-01 09:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-04 16:00 - 2011-12-06 22:11 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8BFF6E9D-1055-4C36-B531-141A8135D9CB}
2014-12-01 11:10 - 2011-04-16 19:54 - 00313498 _____ () C:\Windows\PFRO.log
2014-12-01 11:00 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-12-01 11:00 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-12-01 11:00 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-26 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-19 08:24 - 2014-04-01 08:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-19 08:24 - 2014-01-29 12:55 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-11-19 08:20 - 2012-07-01 23:40 - 00000000 ____D () C:\Windows\Minidump
Some content of TEMP:
====================
C:\Users\Büro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpily7ew.dll
C:\Users\EM\AppData\Local\Temp\apptorun.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 07:11
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Büro at 2014-12-15 12:12:54
Running from C:\Users\Büro\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{123A22CB-6D84-4135-A71F-886C9119E996}) (Version: 99.9 - Eyeo GmbH)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: - ArcSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.12.2.0 - Ask.com) <==== ATTENTION
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4235 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
Babylon toolbar (HKLM-x32\...\BabylonToolbar) (Version: - ) <==== ATTENTION
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant Polaris Unused CIR Function (HKLM\...\Uninstaller50dc2bf82c0) (Version: 1.0.0.0 - Conexant Systems)
CUEcards 2000 (HKLM-x32\...\CUEcards 2000) (Version: - Marcus Humann Software-Technik)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\{177586E7-E42E-4F38-83D1-D15B4AF5B714}) (Version: 1.0.0.0 - DeltaInstaller) <==== ATTENTION
Delta toolbar (HKLM-x32\...\delta) (Version: 1.8.10.0 - Delta) <==== ATTENTION
Dropbox (HKU\S-1-5-21-2254223512-4089559681-775813960-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.8.2.0 - DVDVideoSoftTB)
easy2000 Einnahmen-Ausgaben Buchhaltung 2013 (HKLM-x32\...\easy2000 Einnahmen-Ausgaben Buchhaltung_is1) (Version: - easy2000)
Faktum Faktura (HKLM-x32\...\{2D6E5161-28AB-4BD3-B266-97B8B28831B3}) (Version: 5.7.13 - Faktum Software GmbH)
Faszinierende-Lebensräume (HKLM-x32\...\ST6UNST #1) (Version: - )
findr Toolbar (HKLM-x32\...\findr Toolbar) (Version: 6.10.2.5 - findr)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
FoxyDeal (HKLM-x32\...\FoxyDeal) (Version: 1.1.0 - R&E Media GmbH)
Free YouTube Download version 3.1.40.1031 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.40.1031 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HomeTab 4.4 (HKLM-x32\...\{327b0f8c-49d9-466c-a8ab-0c30310a3ad0}_is1) (Version: 4.4 - HomeTab) <==== ATTENTION
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HP Smart Print 2.1 (HKLM-x32\...\{AC6057B3-631D-45F1-8E1F-5160ADD01D08}) (Version: 2.1.0.235 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Foto Manager MX Deluxe (HKLM-x32\...\MAGIX_{A01EDF83-011F-46FC-889B-16FFD2BEE968}) (Version: 9.0.0.227 - MAGIX AG)
MAGIX Foto Manager MX Deluxe (x32 Version: 9.0.0.227 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{83877B00-513F-4F4B-B56E-B7FBB002E06B}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker 2013 (HKLM-x32\...\MAGIX_{3F5C2BC0-B7D7-4114-B273-3B1460B2452B}) (Version: 19.0.1.36 - MAGIX AG)
MAGIX Music Maker 2013 (Version: 19.0.1.36 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker silver 15.0.1.9 (UK) (HKLM-x32\...\MAGIX Music Maker silver UK) (Version: 15.0.1.9 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{011CDFD4-4E14-44D2-B6B5-5E74C043406A}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{7AD52089-1158-42B0-BD44-475578594E43}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Slideshow Maker 2 (x32 Version: 2.0.1.9 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{ACC39D8C-E61C-45DE-B28D-10618FC1D64C}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX (HKLM-x32\...\MAGIX_MSI_Videodeluxe18) (Version: 11.0.0.38 - MAGIX AG)
MAGIX Video deluxe MX (x32 Version: 11.0.0.38 - MAGIX AG) Hidden
MAGIX Web Designer MX (HKLM-x32\...\MAGIX_{53C19168-C63B-4ACE-8E72-14FD253374D8}) (Version: 8.0.2.21761 - MAGIX AG)
MAGIX Web Designer MX (Version: 8.0.2.21761 - MAGIX AG) Hidden
MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{739FE2DC-0C7E-4A1C-AC6E-46348169E27E}) (Version: 8.0.2.21761 - MAGIX AG)
MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden
Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
orgaMAX Business Software (HKLM-x32\...\orgaMAX_is1) (Version: 13.0 - deltra Business Software)
PHOTOfunSTUDIO 5.1 HD Edition (HKLM-x32\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.01.130 - Panasonic Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Root Zertifikats Setup (HKLM-x32\...\{170A8BDC-BE9D-412C-B550-E04A6A02AC1D}) (Version: 1.0.6 - TIS-SBS)
simplitec simplicheck (HKLM-x32\...\{EC3825A1-02C6-4A83-8CA4-3F97A25CD37B}) (Version: 1.2.6.0 - simplitec GmbH)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION
Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten (HKLM\...\{21C069F9-8BC5-4A24-9C8B-7D33E5645E09}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VAVakus (HKLM-x32\...\{3C426191-AA16-45BA-A04B-95B105FC9328}) (Version: 11.0.0.0 - VAV)
Video Grabber (HKLM\...\Uninstaller50dc2bfa3c6) (Version: 1.0.0.0 - Conexant Systems)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Designer MX Update (Version: 8.1.3.23922 - MAGIX AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version: - )
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2254223512-4089559681-775813960-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2254223512-4089559681-775813960-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2254223512-4089559681-775813960-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2254223512-4089559681-775813960-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2254223512-4089559681-775813960-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2254223512-4089559681-775813960-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2254223512-4089559681-775813960-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2254223512-4089559681-775813960-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2254223512-4089559681-775813960-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
20-11-2014 02:00:43 Windows Update
20-11-2014 02:00:45 Geplanter Prüfpunkt
25-11-2014 14:00:25 Windows-Sicherung
02-12-2014 19:11:09 Windows-Sicherung
09-12-2014 14:00:27 Windows-Sicherung
11-12-2014 02:01:31 Windows Update
13-12-2014 02:01:12 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {004D7D6F-C314-44BD-A776-EB2553C05E8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {04C7A9DA-510A-48A6-B026-6FFCD9B10E9D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {0F5C0887-EE49-42AD-9060-DC4135BD3A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {1B0D0CBF-C302-4FEA-85B9-1E5D39604646} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {23C19823-9CA5-47F1-8625-8C4292738156} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {4D0FE892-4751-42C7-A83A-EFD6629484F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {68343532-D173-4E86-9609-DFBC82623327} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{523DEA17-8122-411E-BA0F-DD2EAFED49BF}.exe
Task: {6C39A6E5-B205-42A6-8C31-78FC76D66D43} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {744257B4-4ED7-4743-B6D4-06CDE658F530} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-05-17] () <==== ATTENTION
Task: {AE4A7D1B-1F9B-46F4-80D8-444429432CA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {CD3E5409-E08E-4529-BB29-409161584260} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Task: {DD16E30C-3FB5-4819-AF4C-F61ABE24E1D6} - System32\Tasks\{EBF8157F-5876-4899-AE0A-8A41DB596ADF} => pcalua.exe -a C:\Users\Büro\Downloads\VAVakus11.0.exe -d C:\Users\Büro\Desktop
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{523DEA17-8122-411E-BA0F-DD2EAFED49BF}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
==================== Loaded Modules (whitelisted) =============
2011-04-16 18:56 - 2009-11-04 12:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2011-05-13 09:30 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-04-18 09:28 - 2011-01-23 19:08 - 00770728 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2011-04-18 09:28 - 2011-01-23 19:08 - 00148280 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
2011-04-18 09:28 - 2010-04-01 11:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2011-04-18 09:28 - 2009-05-27 06:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2011-04-18 09:28 - 2010-04-01 11:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2011-04-18 09:28 - 2009-03-09 23:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2009-02-20 07:48 - 2009-02-20 07:48 - 00381440 _____ () C:\Windows\system32\lxeasm.dll
2009-04-28 06:56 - 2009-04-28 06:56 - 00024064 _____ () C:\Windows\system32\lxeasmr.dll
2011-04-18 09:28 - 2010-04-05 04:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL
2011-04-18 09:28 - 2010-04-05 04:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
2011-04-18 09:28 - 2010-04-05 04:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL
2011-04-18 09:28 - 2010-04-05 04:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL
2011-04-18 09:28 - 2010-04-05 04:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL
2011-04-18 09:28 - 2009-06-23 05:09 - 02203648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll
2011-04-18 09:28 - 2009-06-23 05:10 - 00045056 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
2011-04-18 09:28 - 2009-06-23 05:11 - 00102400 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll
2011-04-18 09:28 - 2009-04-07 13:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
2011-04-18 09:29 - 2009-03-02 08:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Büro\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-13 12:25 - 2014-12-13 12:25 - 00043008 _____ () c:\users\bro~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpily7ew.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Büro\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Büro\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Büro\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2011-05-26 20:18 - 2011-05-26 20:18 - 00136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2254223512-4089559681-775813960-500 - Administrator - Disabled)
Bernd (S-1-5-21-2254223512-4089559681-775813960-1006 - Limited - Enabled) => C:\Users\Bernd
Büro (S-1-5-21-2254223512-4089559681-775813960-1001 - Administrator - Enabled) => C:\Users\Büro
EM (S-1-5-21-2254223512-4089559681-775813960-1007 - Limited - Enabled) => C:\Users\EM
Gast (S-1-5-21-2254223512-4089559681-775813960-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2254223512-4089559681-775813960-1005 - Limited - Enabled)
Stefan (S-1-5-21-2254223512-4089559681-775813960-1003 - Limited - Enabled) => C:\Users\Stefan
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/15/2014 07:10:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_aepdu.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc9e0
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x201c
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_aepdu.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_aepdu.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_aepdu.dll2
Berichtskennung: rundll32.exe_aepdu.dll3
Error: (12/12/2014 10:20:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.17148 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1264
Startzeit: 01d015ec811402dd
Endzeit: 0
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID: 152f8280-81e0-11e4-872a-bcaec5b38a94
Error: (12/11/2014 08:35:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.17183 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: fd8
Startzeit: 01d01577aa93d45a
Endzeit: 0
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID:
Error: (12/09/2014 08:57:57 AM) (Source: Microsoft Office 12) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.
Error: (12/03/2014 05:29:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17148, Zeitstempel: 0x544c16cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x035e1001
ID des fehlerhaften Prozesses: 0x5118
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (12/03/2014 05:29:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17148, Zeitstempel: 0x544c16cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x035e1001
ID des fehlerhaften Prozesses: 0x5118
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (12/03/2014 05:29:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17148, Zeitstempel: 0x544c16cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02e11001
ID des fehlerhaften Prozesses: 0x5798
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (12/03/2014 11:38:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.17148 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2010
Startzeit: 01d00ee1e1f026c0
Endzeit: 450
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (12/02/2014 01:29:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
Error: (12/02/2014 01:29:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584
System errors:
=============
Error: (12/15/2014 00:00:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (12/15/2014 09:09:27 AM) (Source: DCOM) (EventID: 10016) (User: Büro-PC)
Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Büro-PCBüroS-1-5-21-2254223512-4089559681-775813960-1001LocalHost (unter Verwendung von LRPC)
Error: (12/15/2014 09:09:27 AM) (Source: DCOM) (EventID: 10016) (User: Büro-PC)
Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Büro-PCBüroS-1-5-21-2254223512-4089559681-775813960-1001LocalHost (unter Verwendung von LRPC)
Error: (12/15/2014 08:44:43 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (12/15/2014 08:44:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.
Error: (12/15/2014 07:10:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (12/14/2014 00:52:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (12/13/2014 04:52:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (12/13/2014 02:47:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (12/13/2014 11:18:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde mit folgendem Fehler beendet:
%%126
Microsoft Office Sessions:
=========================
Error: (12/19/2013 02:15:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 730 seconds with 60 seconds of active time. This session ended with a crash.
Error: (11/27/2013 07:37:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash.
Error: (09/16/2013 00:18:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 789 seconds with 780 seconds of active time. This session ended with a crash.
Error: (07/17/2013 07:59:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1501 seconds with 300 seconds of active time. This session ended with a crash.
Error: (04/24/2012 08:49:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2541 seconds with 1740 seconds of active time. This session ended with a crash.
Error: (03/15/2012 00:49:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/23/2012 10:58:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/28/2011 08:08:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84584 seconds with 300 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 79%
Total physical RAM: 2013.05 MB
Available physical RAM: 404.96 MB
Total Pagefile: 4026.11 MB
Available Pagefile: 1712.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:138.74 GB) NTFS
Drive f: (SAMSUNG) (Fixed) (Total:1396.92 GB) (Free:823.8 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DF76A8D8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 7559EDBF)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=0C)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-15 13:05:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 ST3320413AS rev.JC45 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\BRO~1\AppData\Local\Temp\kxldqpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000758d1465 2 bytes [8D, 75]
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758d14bb 2 bytes [8D, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\spoolsv.exe [1408:2468] 00000000510715f0
Thread C:\Windows\System32\spoolsv.exe [1408:2636] 0000000065096190
Thread C:\Windows\System32\spoolsv.exe [1408:2704] 000007fef65310c8
Thread C:\Windows\System32\spoolsv.exe [1408:2712] 000007fef6506144
Thread C:\Windows\System32\spoolsv.exe [1408:2716] 000007fef83d5fd0
Thread C:\Windows\System32\spoolsv.exe [1408:2720] 000007fef7653438
Thread C:\Windows\System32\spoolsv.exe [1408:2724] 000007fef83d63ec
Thread C:\Windows\System32\spoolsv.exe [1408:2832] 000007fef6568760
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [1928:2268] 0000000054a38f75
Thread C:\Windows\System32\WUDFHost.exe [3496:3524] 000007fef4c124a0
Thread C:\Windows\SysWOW64\ctfmon.exe [5104:3896] 0000000076208bec
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4476:4864] 000007fefaca2bf8
Thread [1976:5208] 0000000077a02e65
Thread [1976:7500] 0000000077a03e85
Thread C:\Windows\system32\taskhost.exe [4544:7848] 000007fef3cb1f38
Thread C:\Windows\system32\taskhost.exe [4544:4656] 000007fef3cc2740
Thread C:\Windows\system32\taskhost.exe [4544:5432] 000007fefa131010
Thread C:\Windows\system32\taskhost.exe [4544:1548] 000007fef5595170
Thread C:\Windows\Explorer.EXE [8840:6712] 000007fef2d52f9c
Thread C:\Windows\Explorer.EXE [8840:856] 000007fef0ac2118
Thread C:\Windows\Explorer.EXE [8840:8592] 000007fef33f2154
Thread C:\Windows\Explorer.EXE [8840:8356] 000007fefa131010
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [7868:6464] 00000000636c876d
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [7868:7948] 0000000068712ab2
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [7868:1684] 0000000068712ab2
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [7868:6072] 0000000068712ab2
---- Processes - GMER 2.1 ----
Process C:\Users\Büro\AppData\Roaming\Windows Net Data\net.exe (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Windows Net Data\net.exe [3920] (Windows Net/Windows Net)(2013-10-01 08:22:05) 0000000000400000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [4012] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 00000000605b0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [4012] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005e550000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [4012](2014-10-22 00:22:50) 0000000066380000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [4012] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005e160000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [4012] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50) 000000004a900000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [4012] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50) 0000000004010000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [4012] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50) 000000004ad00000
---- EOF - GMER 2.1 ----
|
Baum-Darstellung