Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: "PROXY" Einträge in der Registrierungsdatenbank

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.05.2015, 16:51   #1
Haselocke
 
"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



Hallo liebes Board,

mein AdwCleaner zeigt mir durchgehend diese Meldung, diese wird nach dem "Löschen" wieder angezeigt..

Code:
ATTFilter
# AdwCleaner v4.203 - Bericht erstellt 03/05/2015 um 17:23:21
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-02.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Sophie - SOPHIE-PC
# Gestarted von : C:\Users\Sophie\Downloads\adwcleaner_4.203.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:58669;hxxps=127.0.0.1:58669
Wert Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Wert Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16636


-\\ Google Chrome v42.0.2311.135


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [7094 Bytes] - [02/05/2015 17:13:50]
AdwCleaner[R1].txt - [1555 Bytes] - [03/05/2015 09:31:44]
AdwCleaner[R2].txt - [1673 Bytes] - [03/05/2015 13:31:18]
AdwCleaner[R3].txt - [1476 Bytes] - [03/05/2015 17:23:21]
AdwCleaner[S0].txt - [5726 Bytes] - [02/05/2015 17:15:51]
AdwCleaner[S1].txt - [1384 Bytes] - [03/05/2015 09:33:30]
AdwCleaner[S2].txt - [1502 Bytes] - [03/05/2015 13:33:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1712 Bytes] ##########
         

Hier dazu gleich der FRST-Scan

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by Sophie (administrator) on SOPHIE-PC on 03-05-2015 17:32:26
Running from C:\Users\Sophie\Downloads
Loaded Profiles: Sophie & UpdatusUser (Available profiles: Sophie & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Sophie\Downloads\adwcleaner_4.203.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-01] (Avast Software s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4886608 2015-03-23] (Emsisoft GmbH)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-795088716-3225698515-1859665541-1000\...\MountPoints2: {52ebebad-b092-11e4-a55d-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-01] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58669;https=127.0.0.1:58669
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-795088716-3225698515-1859665541-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-795088716-3225698515-1859665541-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-13] (Avast Software s.r.o.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-31] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-31] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-10]

Chrome: 
=======
CHR StartupUrls: Profile 1 -> "https://www.google.de/"
CHR Profile: C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
CHR Extension: (Google Docs) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Google Drive) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-02]
CHR Extension: (YouTube) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-02]
CHR Extension: (Google Search) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-02]
CHR Extension: (Google Sheets) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
CHR Extension: (Bookmark Manager) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-11]
CHR Extension: (Avast Online Security) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Gmail) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-01] (Avast Software)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 lusotocu; C:\Users\Sophie\AppData\Roaming\DC8131B1-1430558212-4F9A-C680-001FC6136CD0\jnsgF8DF.tmp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-01] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-01] ()
R3 AtcL001; C:\Windows\System32\DRIVERS\atl01v32.sys [48128 2007-03-15] (Attansic Technology corporation.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2015-04-07] ()
R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-23] (Emsisoft GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2015-04-07] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-01] (Avast Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 17:32 - 2015-05-03 17:33 - 00013288 _____ () C:\Users\Sophie\Downloads\FRST.txt
2015-05-03 17:32 - 2015-05-03 17:32 - 00000000 ____D () C:\FRST
2015-05-03 17:31 - 2015-05-03 17:31 - 01140736 _____ (Farbar) C:\Users\Sophie\Downloads\FRST.exe
2015-05-03 12:39 - 2015-05-03 12:39 - 01114376 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]Nautical.rar
2015-05-03 12:39 - 2015-05-03 12:39 - 00553511 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]FloralChiffonDress.rar
2015-05-03 12:38 - 2015-05-03 12:38 - 00980011 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]BeltedDresses.rar
2015-05-03 12:38 - 2015-05-03 12:38 - 00980011 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]BeltedDresses (1).rar
2015-05-03 12:38 - 2015-05-03 12:38 - 00527448 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]Hello-AF.rar
2015-05-03 12:35 - 2015-05-03 12:35 - 00661980 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]SweetLilac - AF.rar
2015-05-03 12:35 - 2015-05-03 12:35 - 00524696 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]Society - AF.rar
2015-05-03 12:34 - 2015-05-03 12:34 - 03465606 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]Candice Swanepoel Style.rar
2015-05-03 12:34 - 2015-05-03 12:34 - 00981894 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]Pink&Lime.rar
2015-05-03 12:32 - 2015-05-03 12:33 - 00643217 _____ () C:\Users\Sophie\Downloads\Gift - 4[Places-AF].rar
2015-05-03 12:29 - 2015-05-03 12:29 - 01319872 _____ () C:\Users\Sophie\Downloads\Gift - 21[Paris-AF].rar
2015-05-03 12:28 - 2015-05-03 12:28 - 02273437 _____ () C:\Users\Sophie\Downloads\Gift - 28[Bright-AF].rar
2015-05-03 12:27 - 2015-05-03 12:27 - 00667559 _____ () C:\Users\Sophie\Downloads\Gift - 30[NoWifi-AF].rar
2015-05-03 12:26 - 2015-05-03 12:26 - 01977946 _____ () C:\Users\Sophie\Downloads\Far Away-AF.rar
2015-05-03 12:26 - 2015-05-03 12:26 - 01229866 _____ () C:\Users\Sophie\Downloads\Coats - AF.rar
2015-05-03 12:26 - 2015-05-03 12:26 - 00732795 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]AdidasJacket-M.rar
2015-05-03 12:24 - 2015-05-03 12:24 - 127463343 _____ () C:\Users\Sophie\Downloads\Triple S Ranch Wedding Venue.Sims2Pack
2015-05-03 12:24 - 2015-05-03 12:24 - 00853876 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]ModeDress-TopOnly.rar
2015-05-03 12:23 - 2015-05-03 12:24 - 111180963 _____ () C:\Users\Sophie\Downloads\CS_AllOfTheThings_BuildBuy.rar
2015-05-03 12:22 - 2015-05-03 12:22 - 04722685 _____ () C:\Users\Sophie\Downloads\[Veranka] Advent 2014 - Thorpe Build.rar
2015-05-03 12:21 - 2015-05-03 12:21 - 00412109 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]Apricot.rar
2015-05-03 12:19 - 2015-05-03 12:19 - 01496659 _____ () C:\Users\Sophie\Downloads\SkeletonTea-BaggyHoodie-SlouchyBoots-WhiteShirts.rar
2015-05-03 12:19 - 2015-05-03 12:19 - 01364293 _____ () C:\Users\Sophie\Downloads\SkeletonTea-Serene-Breeze-Flats.rar
2015-05-03 12:16 - 2015-05-03 12:17 - 16548521 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]Ombre Pack - New Colors.rar
2015-05-03 12:14 - 2015-05-03 12:14 - 10384127 _____ () C:\Users\Sophie\Downloads\Anitka- Alesso Dreams Retextured - Pastel Colors.rar
2015-05-03 12:14 - 2015-05-03 12:14 - 03594266 _____ () C:\Users\Sophie\Downloads\Anitka - Sweater Weather - set of sweaters on Sentate's mesh.rar
2015-05-03 12:14 - 2015-05-03 12:14 - 02637246 _____ () C:\Users\Sophie\Downloads\Anitka - Now What - set of paintings on Billyjean's mesh.rar
2015-05-03 12:14 - 2015-05-03 12:14 - 02361670 _____ () C:\Users\Sophie\Downloads\Anitka - The State Of Dreaming - set of cushions.rar
2015-05-03 12:14 - 2015-05-03 12:14 - 02102579 _____ () C:\Users\Sophie\Downloads\Anitka - Hearts Like Ours - set of cushions.rar
2015-05-03 12:14 - 2015-05-03 12:14 - 02013241 _____ () C:\Users\Sophie\Downloads\Anitka - Edge of the World - Set of cushions.rar
2015-05-03 12:12 - 2015-05-03 12:12 - 03396002 _____ () C:\Users\Sophie\Downloads\DeeDee-Veranka4t2Hoodie-EM.rar
2015-05-03 12:12 - 2015-05-03 12:12 - 00380362 _____ () C:\Users\Sophie\Downloads\DeeDee-Veranka4t2Hoodie-EM-Slaved.rar
2015-05-03 12:11 - 2015-05-03 12:11 - 01377899 _____ () C:\Users\Sophie\Downloads\YPlum-Willow-aftf.rar
2015-05-03 12:09 - 2015-05-03 12:10 - 18726582 _____ () C:\Users\Sophie\Downloads\Anitka - 650+ FOLLOWERS GIFT!.rar
2015-05-03 12:09 - 2015-05-03 12:09 - 01246218 _____ () C:\Users\Sophie\Downloads\[AlwaysSims]Wrap plaid skirt - AF.rar
2015-05-03 12:06 - 2015-05-03 12:06 - 04353776 _____ () C:\Users\Sophie\Downloads\Leggings_byEB.zip
2015-05-03 12:05 - 2015-05-03 12:05 - 04617353 _____ () C:\Users\Sophie\Downloads\♥Chocolat♥ 1220outfit.zip
2015-05-03 12:03 - 2015-05-03 12:03 - 00233993 _____ () C:\Users\Sophie\Downloads\leefish_ymTop_BlazerOpenCollarTucked_WhitePlaidGray.rar
2015-05-03 10:09 - 2015-05-03 10:09 - 00761484 _____ () C:\Users\Sophie\Downloads\CSF_IKEA_arkelstorp_RECOLORS.rar
2015-05-03 10:09 - 2015-05-03 10:09 - 00214624 _____ () C:\Users\Sophie\Downloads\CSF_IKEA_arkelstorp_MESHES.rar
2015-05-03 10:06 - 2015-05-03 10:06 - 16886854 _____ () C:\Users\Sophie\Downloads\[moxxa] 3t2 Cashcraft - Rustic Restoration Dining.zip
2015-05-03 10:06 - 2015-05-03 10:06 - 10585057 _____ () C:\Users\Sophie\Downloads\[moxxa] 3t2 Wondymoon Antimony Living.rar
2015-05-03 10:01 - 2015-05-03 10:01 - 01571586 _____ () C:\Users\Sophie\Downloads\[moxxa] Deco Apple Laptops.rar
2015-05-03 10:00 - 2015-05-03 10:00 - 08268807 _____ () C:\Users\Sophie\Downloads\[moxxa]Collage Pictures.rar
2015-05-03 09:58 - 2015-05-03 09:59 - 55464605 _____ () C:\Users\Sophie\Downloads\Happy new Year 2015! (1).zip
2015-05-03 09:57 - 2015-05-03 09:57 - 10943081 _____ () C:\Users\Sophie\Downloads\[moxxa] RC Anon requests.rar
2015-05-03 09:54 - 2015-05-03 09:54 - 02027990 _____ () C:\Users\Sophie\Downloads\[moi]moxxasimonstudy.rar
2015-05-03 09:50 - 2015-05-03 09:50 - 02821560 _____ () C:\Users\Sophie\Downloads\[moxxa]RC ChungKong Art.rar
2015-05-03 09:47 - 2015-05-03 09:47 - 04209913 _____ () C:\Users\Sophie\Downloads\Puccamichi-StealthicCaptivated-4to2AllAges.7z
2015-05-03 09:45 - 2015-05-03 09:46 - 03193106 _____ () C:\Users\Sophie\Downloads\3t2 marcussims.rar
2015-05-02 17:13 - 2015-05-03 17:24 - 00000000 ____D () C:\AdwCleaner
2015-05-02 16:21 - 2015-05-02 16:21 - 02204160 _____ () C:\Users\Sophie\Downloads\adwcleaner_4.203.exe
2015-05-02 15:39 - 2015-05-02 15:39 - 00001220 _____ () C:\EamClean.log
2015-05-02 15:34 - 2015-05-02 15:34 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-02 12:48 - 2015-05-02 12:48 - 00000122 _____ () C:\Windows\wininit.ini
2015-05-02 12:32 - 2015-05-02 17:16 - 00000981 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-02 12:23 - 2015-05-02 12:23 - 00000888 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-05-02 12:23 - 2015-05-02 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-05-02 12:22 - 2015-05-03 16:48 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-05-02 12:22 - 2015-03-23 23:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-05-02 12:09 - 2015-05-02 12:11 - 170234744 _____ (Emsisoft Ltd. ) C:\Users\Sophie\Downloads\EmsisoftAntiMalwareSetup_9.0.0.5066.exe
2015-05-02 11:55 - 2006-09-18 23:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150502-115558.backup
2015-05-02 11:50 - 2015-05-03 16:47 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-05-02 11:50 - 2015-05-02 11:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-02 11:50 - 2015-05-02 11:50 - 00001970 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-02 11:50 - 2015-05-02 11:50 - 00001958 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-05-02 11:50 - 2015-05-02 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-02 11:50 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-05-02 11:49 - 2015-05-02 11:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-02 11:20 - 2015-05-02 11:25 - 00000000 ____D () C:\Users\Sophie\AppData\Local\DC8131B1-1430565625-4F9A-C680-001FC6136CD0
2015-05-02 11:17 - 2015-05-02 15:46 - 00000000 ____D () C:\Users\Sophie\AppData\Local\DC8131B1-1430565470-4F9A-C680-001FC6136CD0
2015-05-01 09:51 - 2015-05-01 09:51 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-01 09:51 - 2015-05-01 09:51 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-27 11:28 - 2015-04-27 11:41 - 00000000 ____D () C:\Users\Sophie\Desktop\Untitled Export
2015-04-25 09:24 - 2015-05-03 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-04-23 18:50 - 2015-03-25 22:01 - 00000000 _____ () C:\Users\Sophie\photothumb.db-2rma0zljhif6sagxfam2
2015-04-23 18:50 - 2014-12-01 00:00 - 00121787 _____ () C:\Users\Sophie\zebrastreifen-design-bad-badewanne-teppich-plüschhocker-extravagant - Kopie.jpeg
2015-04-23 18:50 - 2014-08-27 17:38 - 00032410 _____ () C:\Users\Sophie\Erfolg oder Ethik  - Medaillen oder Moral.odt
2015-04-23 18:50 - 2014-06-20 20:49 - 00014761 _____ () C:\Users\Sophie\da journal.odt
2015-04-23 18:49 - 2015-04-23 18:49 - 00000000 ____D () C:\Users\Sophie\ps 2014
2015-04-23 18:48 - 2015-04-23 18:48 - 00000000 ____D () C:\Users\Sophie\2014 - 1
2015-04-23 18:45 - 2015-04-23 18:45 - 00001115 _____ () C:\Users\Sophie\Desktop\PC Inspector File Recovery.lnk
2015-04-23 18:45 - 2015-04-23 18:45 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2015-04-23 18:45 - 2015-04-23 18:45 - 00000000 ____D () C:\Program Files\Convar
2015-04-22 22:33 - 2015-04-22 22:34 - 00000000 ____D () C:\Users\Sophie\Desktop\Fotos
2015-04-22 11:30 - 2015-04-22 11:30 - 10144022 _____ () C:\Users\Sophie\Downloads\[Kahlena] GraceRecolors.zip
2015-04-22 11:20 - 2015-04-22 11:21 - 77916748 _____ () C:\Users\Sophie\Downloads\mari jan feb 2014 all recolors.rar
2015-04-22 11:19 - 2015-04-22 11:19 - 26724784 _____ () C:\Users\Sophie\Downloads\1st conversion set.rar
2015-04-22 11:18 - 2015-04-22 11:21 - 300751607 _____ () C:\Users\Sophie\Downloads\mari advent lot 2014.zip
2015-04-22 11:17 - 2015-04-22 11:18 - 55464605 _____ () C:\Users\Sophie\Downloads\Happy new Year 2015!.zip
2015-04-22 11:17 - 2015-04-22 11:17 - 11947224 _____ () C:\Users\Sophie\Downloads\wallpapers.zip
2015-04-22 11:16 - 2015-04-22 11:16 - 23937871 _____ () C:\Users\Sophie\Downloads\3to2-jan2015.zip
2015-04-22 11:15 - 2015-04-22 11:15 - 02648671 _____ () C:\Users\Sophie\Downloads\V-day 2015 conversions.zip
2015-04-22 11:13 - 2015-04-22 11:13 - 13867450 _____ () C:\Users\Sophie\Downloads\conversions+recolors-2-26-2015.zip
2015-04-22 11:13 - 2015-04-22 11:13 - 04336620 _____ () C:\Users\Sophie\Downloads\3to2 2-22-2015.zip
2015-04-22 11:09 - 2015-04-22 11:10 - 86704533 _____ () C:\Users\Sophie\Downloads\2k-followers-gift.zip
2015-04-22 11:04 - 2015-04-22 11:04 - 17702676 _____ () C:\Users\Sophie\Downloads\FROM SCANDI WITH LOVE.rar
2015-04-20 14:46 - 2015-04-20 14:46 - 00035840 ____H () C:\Users\Sophie\Downloads\photothumb.db
2015-04-20 12:33 - 2015-04-20 12:33 - 00004154 _____ () C:\Users\Sophie\AppData\Local\recently-used.xbel
2015-04-20 12:11 - 2015-04-23 11:05 - 00000000 ____D () C:\Users\Sophie\Desktop\D
2015-04-18 12:12 - 2015-04-18 12:12 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-18 12:12 - 2007-04-05 00:39 - 00442368 ____R (On2.com) C:\Windows\system32\vp6vfw.dll
2015-04-18 11:14 - 2015-04-18 11:14 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\My Baby Pet Hotel
2015-04-18 11:12 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-04-18 11:12 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-04-18 11:12 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-04-18 11:12 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-04-18 11:12 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-04-18 11:12 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-04-18 11:12 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-04-18 11:12 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-04-18 11:12 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-04-18 11:12 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-04-18 11:12 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-04-18 11:12 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-04-18 11:12 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-04-18 11:12 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-04-18 11:12 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-04-18 11:12 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-04-18 11:12 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-04-18 11:12 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-04-18 11:12 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-04-18 11:12 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-04-18 11:12 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-04-18 11:12 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-04-18 11:12 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-04-18 11:12 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-04-18 11:12 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-04-18 11:12 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-04-18 11:12 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-04-18 11:12 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-04-18 11:12 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-04-18 11:12 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-04-18 11:12 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-04-18 11:12 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-04-18 11:12 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-04-18 11:12 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-04-18 11:12 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-04-18 11:12 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-04-18 11:12 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-04-18 11:12 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-04-18 11:12 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-04-18 11:12 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-04-18 11:12 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-04-18 11:12 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-04-18 11:12 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-04-18 11:12 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-04-18 11:12 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-04-18 11:12 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-04-18 11:12 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-04-18 11:12 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-04-18 11:12 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-04-18 11:12 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-04-18 11:12 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-04-18 11:12 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-04-18 11:12 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-04-18 11:12 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-04-18 11:12 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-04-18 11:12 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-04-18 11:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-04-18 11:12 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-04-18 11:12 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-04-18 11:12 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-04-18 11:12 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-04-18 11:12 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-04-18 11:12 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-04-18 11:12 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-04-18 11:12 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-04-18 11:12 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-04-18 11:12 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-04-18 11:12 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-04-18 11:12 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-04-18 11:12 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-04-18 11:12 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-04-18 11:12 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-04-18 11:12 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-04-18 11:12 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-04-18 11:12 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-04-18 11:12 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-04-18 11:10 - 2015-04-18 11:12 - 00000000 ____D () C:\Windows\system32\directx
2015-04-18 11:10 - 2015-04-18 11:11 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-04-16 08:32 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 08:25 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 08:24 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 08:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 08:23 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 08:23 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-16 08:23 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 07:13 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 07:13 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 07:13 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 07:13 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 07:13 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 07:13 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 07:13 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 07:13 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 07:13 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 07:13 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-13 20:59 - 2015-04-13 21:00 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-13 20:54 - 2015-04-13 20:54 - 00001829 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-13 11:03 - 2015-04-13 11:03 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\IsolatedStorage
2015-04-13 11:03 - 2015-04-13 11:03 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-04-13 11:02 - 2015-04-13 11:02 - 00000000 ____D () C:\Spacekace
2015-04-12 15:45 - 2015-04-12 15:58 - 00000000 ____D () C:\ProgramData\eMule
2015-04-12 10:43 - 2015-04-12 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-04-09 10:41 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2015-04-08 20:52 - 2015-04-08 20:52 - 00000656 _____ () C:\Users\UpdatusUser\Desktop\Horsez - Abenteuer auf dem Reiterhof 5.lnk
2015-04-08 19:56 - 2015-04-08 19:56 - 00000566 _____ () C:\Users\UpdatusUser\Desktop\Abenteuer auf dem Reiterhof 4 - Die Meisterschule.lnk
2015-04-08 19:56 - 2015-04-08 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-04-07 20:38 - 2015-04-07 20:38 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\NVIDIA
2015-04-07 20:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-04-07 20:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-04-07 20:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-04-07 20:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-04-07 20:36 - 2015-04-07 20:36 - 00000000 ____D () C:\ProgramData\Abenteuer auf dem Reiterhof 6
2015-04-07 20:28 - 2015-04-07 20:28 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\InstallShield
2015-04-07 20:20 - 2003-03-15 23:15 - 00090112 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-04-07 20:15 - 2015-05-03 13:16 - 00000000 ____D () C:\Users\Sophie\Desktop\Spiele
2015-04-07 10:22 - 2015-04-07 10:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-07 09:07 - 2015-04-07 09:07 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-07 09:06 - 2015-04-07 11:39 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2015-04-07 09:06 - 2015-04-07 09:06 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-04-07 08:57 - 2015-04-07 08:57 - 00000000 ____D () C:\Users\Sophie\AppData\Local\GHISLER
2015-04-07 08:56 - 2015-04-07 08:56 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-04-07 08:56 - 2015-04-07 08:56 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\GHISLER
2015-04-07 08:56 - 2015-04-07 08:56 - 00000000 ____D () C:\totalcmd
2015-04-07 08:44 - 2015-05-02 17:16 - 00000577 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-07 08:44 - 2015-04-07 08:44 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Opera Software
2015-04-07 08:44 - 2015-04-07 08:44 - 00000000 ____D () C:\Users\Sophie\AppData\Local\Skype
2015-04-07 08:44 - 2015-04-07 08:44 - 00000000 ____D () C:\Users\Sophie\AppData\Local\Opera Software
2015-04-07 08:43 - 2015-04-07 08:59 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Skype
2015-04-07 08:42 - 2015-04-07 08:59 - 00000000 ____D () C:\ProgramData\Skype
2015-04-07 08:41 - 2015-04-07 08:41 - 00000045 _____ () C:\user.js
2015-04-07 08:27 - 2015-04-07 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-07 07:32 - 2015-04-18 11:33 - 00061832 _____ () C:\Windows\DirectX.log
2015-04-07 07:32 - 2015-04-07 07:32 - 00409600 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-04-07 07:32 - 2015-04-07 07:32 - 00278728 _____ () C:\Windows\system32\Drivers\atksgt.sys
2015-04-07 07:32 - 2015-04-07 07:32 - 00114688 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-04-07 07:32 - 2015-04-07 07:32 - 00025416 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2015-04-07 07:32 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-04-06 16:59 - 2015-04-06 17:05 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Notepad++
2015-04-06 16:59 - 2015-04-06 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-06 12:06 - 2015-04-06 12:06 - 00000759 _____ () C:\Users\UpdatusUser\Desktop\Mein Gestüt – Ein Leben für die Pferde.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 17:05 - 2015-03-02 19:00 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 16:47 - 2009-04-11 14:37 - 01675173 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 16:46 - 2015-03-02 19:00 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-03 16:45 - 2006-11-02 14:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 16:45 - 2006-11-02 14:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 13:48 - 2006-11-02 12:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 13:40 - 2015-02-09 22:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-03 13:40 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 13:39 - 2006-11-02 15:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-02 17:16 - 2015-03-02 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-02 17:16 - 2015-02-09 21:43 - 00000983 _____ () C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-02 15:39 - 2008-01-21 04:47 - 00173824 _____ () C:\Windows\PFRO.log
2015-05-01 09:51 - 2015-03-07 13:19 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-24 21:12 - 2015-02-09 21:43 - 00000000 ____D () C:\Users\Sophie
2015-04-22 22:34 - 2015-03-11 12:35 - 00000000 ____D () C:\Users\Sophie\Desktop\Sonstiges
2015-04-22 21:16 - 2006-11-02 14:52 - 00038358 _____ () C:\Windows\setupact.log
2015-04-20 12:33 - 2015-03-13 22:45 - 00000000 ____D () C:\Users\Sophie\.gimp-2.8
2015-04-17 22:02 - 2015-02-09 21:43 - 00000000 ____D () C:\Users\Sophie\AppData\Local\VirtualStore
2015-04-16 11:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-16 08:32 - 2015-03-02 20:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 08:26 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-13 20:56 - 2015-03-07 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-12 21:22 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-07 20:28 - 2015-02-09 22:21 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-07 11:01 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-04-05 18:11 - 2015-03-13 23:00 - 00079872 ____H () C:\Users\Sophie\Desktop\photothumb.db
2015-04-03 12:46 - 2015-03-14 15:53 - 00010240 _____ () C:\Users\Sophie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-03 11:36 - 2015-03-12 09:26 - 00000000 ____D () C:\Program Files\Wimpy Player

==================== Files in the root of some directories =======

2015-02-09 21:43 - 2015-02-09 22:03 - 0000680 _____ () C:\Users\Sophie\AppData\Local\d3d9caps.dat
2015-03-14 15:53 - 2015-04-03 12:46 - 0010240 _____ () C:\Users\Sophie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-20 12:33 - 2015-04-20 12:33 - 0004154 _____ () C:\Users\Sophie\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Sophie\AppData\Local\Temp\eauninstall.exe
C:\Users\Sophie\AppData\Local\Temp\Quarantine.exe
C:\Users\Sophie\AppData\Local\Temp\sqlite3.dll
C:\Users\Sophie\AppData\Local\Temp\VP6Install.exe
C:\Users\Sophie\AppData\Local\Temp\VP6VFW.dll
C:\Users\Sophie\AppData\Local\Temp\_isDE8D.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-03 13:57

==================== End Of Log ============================
         

& FRST-Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-05-2015
Ran by Sophie at 2015-05-03 17:33:44
Running from C:\Users\Sophie\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-795088716-3225698515-1859665541-500 - Administrator - Disabled)
Guest (S-1-5-21-795088716-3225698515-1859665541-501 - Limited - Enabled)
Sophie (S-1-5-21-795088716-3225698515-1859665541-1000 - Administrator - Enabled) => C:\Users\Sophie
UpdatusUser (S-1-5-21-795088716-3225698515-1859665541-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Abenteuer auf dem Reiterhof 6 (HKLM\...\{EEE76149-DC7F-4D3E-B021-6152DF574FA6}) (Version: 1.00 - UBISOFT)
Adobe Photoshop Lightroom 4.4 (HKLM\...\{FA6F726E-AA8D-492A-B18A-A5945C337FCE}) (Version: 4.4.1 - Adobe)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Attansic Ethernet Utility (HKLM\...\{1F698102-5739-441E-96F0-74F4EA540F06}) (Version: 2.0.60.4 - Attansic)
Attansic L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Die Sims 2: Open For Business (HKLM\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
Die Sims™ 2 Apartment-Leben (HKLM\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
Die Sims™ 2 Deluxe (HKLM\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version:  - )
Die Sims™ 2 IKEA® Home-Accessoires (HKLM\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)
Die Sims™ 2 Vier Jahreszeiten (HKLM\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
Die Sims™ 2 Villen- und Garten-Accessoires (HKLM\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version:  - Electronic Arts)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Fotor 2.0.2 (HKLM\...\Fotor) (Version: 2.0.2 - Everimaging Co., Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
LibreOffice 4.3.6.2 (HKLM\...\{9F410B70-8A45-4F28-985E-F9731219BCBC}) (Version: 4.3.6.2 - The Document Foundation)
Mein Gestüt – Ein Leben für die Pferde (HKLM\...\MyRidingStables) (Version: 1.0 - Sproing Interactive GmbH)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PhotoFiltre 7 (HKU\S-1-5-21-795088716-3225698515-1859665541-1000\...\PhotoFiltre 7) (Version:  - )
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Realtek Ethernet Controller Driver For Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.235.304.2010 - Realtek)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
WinRAR 5.21 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoo Tycoon: Complete Collection (HKLM\...\Zoo Tycoon 1.0) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-04-2015 08:31:38 Windows Update
26-04-2015 03:00:30 Windows Update
26-04-2015 18:06:40 Geplanter Prüfpunkt
27-04-2015 07:50:08 Windows Update
28-04-2015 19:30:09 Windows Update
29-04-2015 09:15:06 Windows Update
30-04-2015 03:00:14 Windows Update
30-04-2015 15:12:30 Geplanter Prüfpunkt
01-05-2015 09:50:14 avast! antivirus system restore point
01-05-2015 09:53:09 Windows Update
02-05-2015 10:26:20 Windows Update
03-05-2015 10:37:21 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-05-02 11:55 - 00450690 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C62785B-61BE-44B8-BF4F-8351424D07F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)
Task: {69BF5535-1668-4B7C-BD0E-36730E97645B} - System32\Tasks\Opera scheduled Autoupdate 1428388977 => C:\Program Files\Opera\launcher.exe
Task: {71D9A115-E488-4FF8-A87E-DDE7B022D7D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {768C6E24-F80C-484E-9597-10E3F90D7E87} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {87FD699C-F0A7-4964-815E-73B88AFCBC08} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sophie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {D1800DC7-6933-454D-B28B-6AEDD4A486C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-07 13:19 - 2015-05-01 09:51 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-07 13:19 - 2015-05-01 09:51 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-03 10:36 - 2015-05-03 10:36 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15050300\algo.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-02 11:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-02 11:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-02 11:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-05-02 11:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-02 11:50 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-07 13:19 - 2015-03-07 13:19 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-02 16:21 - 2015-05-02 16:21 - 02204160 _____ () C:\Users\Sophie\Downloads\adwcleaner_4.203.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-795088716-3225698515-1859665541-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sophie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
HKU\S-1-5-21-795088716-3225698515-1859665541-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{6B265DC8-B3F0-4918-B083-1286F0861DB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BC6C0276-401A-4070-9923-CA02905294E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AF47770B-9A6F-46CD-AF7E-EEBE7B9C40C4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{DEE800AA-0AFE-460B-86E9-225C4A2E15D9}] => (Allow) LPort=80
FirewallRules: [{0956A94A-F72B-472F-95B1-62E7D040CBF2}] => (Allow) LPort=80
FirewallRules: [{70A5A568-8487-4CB4-8B38-B67AA3B93BF2}] => (Allow) LPort=80
FirewallRules: [{08A0A277-7F5F-4573-BD90-DC713A248F80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{81151833-C873-49B7-9E5D-AB5C293E9A05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC3B8606-ABCF-44C7-A502-6C27CB43FD47}] => (Allow) D:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A7429A4F-439B-4C9D-82F2-87936AB6F42D}D:\program files\emule\emule.exe] => (Allow) D:\program files\emule\emule.exe
FirewallRules: [UDP Query User{397486F7-599F-4C5D-9DC9-ED5D70E5EC17}D:\program files\emule\emule.exe] => (Allow) D:\program files\emule\emule.exe
FirewallRules: [{0C31D705-79AE-4B70-89A1-F3E431028E03}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3A26499A-F4C0-4290-B00C-9A19908DBA19}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FF82DAA0-06F1-4193-85EE-266045DE40E4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 04:45:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4151982

Error: (05/03/2015 04:45:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4151982

Error: (05/03/2015 04:45:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/03/2015 08:26:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35283885

Error: (05/03/2015 08:26:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35283885

Error: (05/03/2015 08:26:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/03/2015 08:26:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35277723

Error: (05/03/2015 08:26:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35277723

Error: (05/03/2015 08:26:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/03/2015 08:26:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35276709


System errors:
=============
Error: (05/03/2015 04:47:57 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{7CBAA217-ADD6-4806-8A79-0F77BEA80343}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (05/03/2015 01:41:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: innfd_1_10_0_14

Error: (05/03/2015 01:41:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Top Up Poster%%3

Error: (05/03/2015 01:33:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Softwarelizenzierung11200001Neustart des Diensts

Error: (05/03/2015 01:33:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Scanner Service1600001Neustart des Diensts

Error: (05/03/2015 01:33:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NVIDIA Update Service Daemon1

Error: (05/03/2015 01:33:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts

Error: (05/03/2015 01:33:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: iPod-Dienst1

Error: (05/03/2015 01:33:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Updating Service1600001Neustart des Diensts

Error: (05/03/2015 01:33:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Security Center Service1600001Neustart des Diensts


Microsoft Office Sessions:
=========================
Error: (05/03/2015 04:45:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4151982

Error: (05/03/2015 04:45:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4151982

Error: (05/03/2015 04:45:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/03/2015 08:26:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35283885

Error: (05/03/2015 08:26:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35283885

Error: (05/03/2015 08:26:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/03/2015 08:26:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35277723

Error: (05/03/2015 08:26:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35277723

Error: (05/03/2015 08:26:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/03/2015 08:26:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35276709


CodeIntegrity Errors:
===================================
  Date: 2015-04-14 10:12:22.156
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-14 10:12:22.030
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-14 10:12:21.899
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-14 10:12:21.768
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-14 10:12:21.168
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-14 10:12:20.983
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-14 10:12:20.743
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-14 10:12:20.546
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 19:04:38.167
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 19:04:38.042
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 58%
Total physical RAM: 2046.48 MB
Available physical RAM: 845.17 MB
Total Pagefile: 4332.22 MB
Available Pagefile: 2495.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:29.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:67.69 GB) (Free:41.01 GB) NTFS
Drive e: (Sims2EP9) (CDROM) (Total:0.66 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: F98D6E74)
Partition 1: (Not Active) - (Size=6.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=67.7 GB) - (Type=OF Extended)

==================== End Of Log ============================
         


Ich hoffe ihr könnt mir irgendwie helfen

Alt 03.05.2015, 17:19   #2
schrauber
/// the machine
/// TB-Ausbilder
 

"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
S2 lusotocu; C:\Users\Sophie\AppData\Roaming\DC8131B1-1430558212-4F9A-C680-001FC6136CD0\jnsgF8DF.tmp [X]
RemoveProxy:
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________

__________________

Alt 03.05.2015, 17:42   #3
Haselocke
 
"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



Hallo,

ich bin jetzt mal nach dem Lösungsvorschlag von Jürgen gegangen.

hier das fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-05-2015
Ran by Sophie at 2015-05-03 18:25:01 Run:1
Running from C:\Users\Sophie\Downloads
Loaded Profiles: Sophie & UpdatusUser (Available profiles: Sophie & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
RemoveProxy:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 lusotocu; C:\Users\Sophie\AppData\Roaming\DC8131B1-1430558212-4F9A-C680-001FC6136CD0\jnsgF8DF.tmp [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
EmptyTemp:
         
*****************

Processes closed successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-795088716-3225698515-1859665541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-795088716-3225698515-1859665541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-795088716-3225698515-1859665541-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found. 
"HKU\S-1-5-21-795088716-3225698515-1859665541-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. 
"HKU\S-1-5-21-795088716-3225698515-1859665541-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found. 
HKU\S-1-5-21-795088716-3225698515-1859665541-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
lusotocu => Service deleted successfully.
esgiguard => Service deleted successfully.
EmptyTemp: => Removed 352.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 18:34:02 ====
         

EDIT: AdwCleaner zeigt das Problem jetzt auch nicht mehr an.
__________________

Geändert von Haselocke (03.05.2015 um 17:47 Uhr)

Alt 04.05.2015, 11:43   #4
schrauber
/// the machine
/// TB-Ausbilder
 

"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



Zitat:
ich bin jetzt mal nach dem Lösungsvorschlag von Jürgen gegangen.
Ich seh keinen

Abgesehen davon waren die identisch, bis auf die leeren Scopes.

Poste noch bitte ein frisches FRST Log.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.05.2015, 17:54   #5
Haselocke
 
"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



Hallo,

ja das hab ich schon bemerkt

Hier das Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by Sophie (administrator) on SOPHIE-PC on 04-05-2015 18:49:38
Running from C:\Users\Sophie\Downloads
Loaded Profiles: Sophie & UpdatusUser &  (Available profiles: Sophie & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-01] (Avast Software s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-795088716-3225698515-1859665541-1000\...\MountPoints2: {52ebebad-b092-11e4-a55d-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-795088716-3225698515-1859665541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {52ebebad-b092-11e4-a55d-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-01] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-795088716-3225698515-1859665541-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-795088716-3225698515-1859665541-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-795088716-3225698515-1859665541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-795088716-3225698515-1859665541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-795088716-3225698515-1859665541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-13] (Avast Software s.r.o.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-31] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-31] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-10]

Chrome: 
=======
CHR StartupUrls: Profile 1 -> "https://www.google.de/"
CHR Profile: C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
CHR Extension: (Google Docs) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Google Drive) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-02]
CHR Extension: (YouTube) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-02]
CHR Extension: (Google Search) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-02]
CHR Extension: (Google Sheets) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
CHR Extension: (Bookmark Manager) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-11]
CHR Extension: (Avast Online Security) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Gmail) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-01] (Avast Software)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-01] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-01] ()
R3 AtcL001; C:\Windows\System32\DRIVERS\atl01v32.sys [48128 2007-03-15] (Attansic Technology corporation.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2015-04-07] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2015-04-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-01] (Avast Software)
R4 epp32; system32\DRIVERS\epp32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 18:45 - 2015-05-04 18:45 - 00000000 ____D () C:\Program Files\ESET
2015-05-04 11:51 - 2015-05-04 11:51 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-04 10:09 - 2015-05-04 10:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-04 10:09 - 2015-05-04 10:09 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-04 10:09 - 2015-05-04 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-04 10:09 - 2015-05-04 10:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-04 10:09 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-04 10:09 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-04 10:09 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-04 10:00 - 2015-05-04 10:00 - 00000665 _____ () C:\Users\Sophie\Desktop\JRT.txt
2015-05-04 09:52 - 2015-05-04 09:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SOPHIE-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-04 09:52 - 2015-05-04 09:52 - 00000000 ____D () C:\RegBackup
2015-05-03 17:33 - 2015-05-03 17:35 - 00025999 _____ () C:\Users\Sophie\Downloads\Addition.txt
2015-05-03 17:32 - 2015-05-04 18:49 - 00013278 _____ () C:\Users\Sophie\Downloads\FRST.txt
2015-05-03 17:32 - 2015-05-04 18:49 - 00000000 ____D () C:\FRST
2015-05-03 17:31 - 2015-05-03 17:31 - 01140736 _____ (Farbar) C:\Users\Sophie\Downloads\FRST.exe
2015-05-02 17:13 - 2015-05-04 09:51 - 00000000 ____D () C:\AdwCleaner
2015-05-02 16:21 - 2015-05-02 16:21 - 02204160 _____ () C:\Users\Sophie\Downloads\adwcleaner_4.203.exe
2015-05-02 15:39 - 2015-05-02 15:39 - 00001220 _____ () C:\EamClean.log
2015-05-02 15:34 - 2015-05-02 15:34 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-02 12:32 - 2015-05-02 17:16 - 00000981 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-02 12:22 - 2015-05-04 12:00 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-05-02 12:09 - 2015-05-02 12:11 - 170234744 _____ (Emsisoft Ltd. ) C:\Users\Sophie\Downloads\EmsisoftAntiMalwareSetup_9.0.0.5066.exe
2015-05-02 11:55 - 2006-09-18 23:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150502-115558.backup
2015-05-02 11:50 - 2015-05-04 10:33 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-05-02 11:50 - 2015-05-02 11:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-02 11:50 - 2015-05-02 11:50 - 00001970 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-02 11:50 - 2015-05-02 11:50 - 00001958 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-05-02 11:50 - 2015-05-02 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-02 11:50 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-05-02 11:49 - 2015-05-02 11:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-02 11:17 - 2015-05-02 15:46 - 00000000 ____D () C:\Users\Sophie\AppData\Local\DC8131B1-1430565470-4F9A-C680-001FC6136CD0
2015-05-01 09:51 - 2015-05-01 09:51 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-01 09:51 - 2015-05-01 09:51 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-27 11:28 - 2015-04-27 11:41 - 00000000 ____D () C:\Users\Sophie\Desktop\Untitled Export
2015-04-25 09:24 - 2015-05-03 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-04-23 18:50 - 2015-03-25 22:01 - 00000000 _____ () C:\Users\Sophie\photothumb.db-2rma0zljhif6sagxfam2
2015-04-23 18:50 - 2014-12-01 00:00 - 00121787 _____ () C:\Users\Sophie\zebrastreifen-design-bad-badewanne-teppich-plüschhocker-extravagant - Kopie.jpeg
2015-04-23 18:50 - 2014-08-27 17:38 - 00032410 _____ () C:\Users\Sophie\Erfolg oder Ethik  - Medaillen oder Moral.odt
2015-04-23 18:50 - 2014-06-20 20:49 - 00014761 _____ () C:\Users\Sophie\da journal.odt
2015-04-23 18:49 - 2015-04-23 18:49 - 00000000 ____D () C:\Users\Sophie\ps 2014
2015-04-23 18:48 - 2015-04-23 18:48 - 00000000 ____D () C:\Users\Sophie\2014 - 1
2015-04-23 18:45 - 2015-04-23 18:45 - 00001115 _____ () C:\Users\Sophie\Desktop\PC Inspector File Recovery.lnk
2015-04-23 18:45 - 2015-04-23 18:45 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2015-04-23 18:45 - 2015-04-23 18:45 - 00000000 ____D () C:\Program Files\Convar
2015-04-22 22:33 - 2015-04-22 22:34 - 00000000 ____D () C:\Users\Sophie\Desktop\Fotos
2015-04-20 14:46 - 2015-04-20 14:46 - 00035840 ____H () C:\Users\Sophie\Downloads\photothumb.db
2015-04-20 12:33 - 2015-04-20 12:33 - 00004154 _____ () C:\Users\Sophie\AppData\Local\recently-used.xbel
2015-04-20 12:11 - 2015-05-03 18:12 - 00000000 ____D () C:\Users\Sophie\Desktop\D
2015-04-18 12:12 - 2015-04-18 12:12 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-18 12:12 - 2007-04-05 00:39 - 00442368 ____R (On2.com) C:\Windows\system32\vp6vfw.dll
2015-04-18 11:14 - 2015-04-18 11:14 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\My Baby Pet Hotel
2015-04-18 11:12 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-04-18 11:12 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-04-18 11:12 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-04-18 11:12 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-04-18 11:12 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-04-18 11:12 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-04-18 11:12 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-04-18 11:12 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-04-18 11:12 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-04-18 11:12 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-04-18 11:12 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-04-18 11:12 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-04-18 11:12 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-04-18 11:12 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-04-18 11:12 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-04-18 11:12 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-04-18 11:12 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-04-18 11:12 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-04-18 11:12 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-04-18 11:12 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-04-18 11:12 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-04-18 11:12 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-04-18 11:12 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-04-18 11:12 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-04-18 11:12 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-04-18 11:12 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-04-18 11:12 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-04-18 11:12 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-04-18 11:12 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-04-18 11:12 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-04-18 11:12 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-04-18 11:12 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-04-18 11:12 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-04-18 11:12 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-04-18 11:12 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-04-18 11:12 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-04-18 11:12 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-04-18 11:12 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-04-18 11:12 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-04-18 11:12 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-04-18 11:12 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-04-18 11:12 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-04-18 11:12 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-04-18 11:12 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-04-18 11:12 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-04-18 11:12 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-04-18 11:12 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-04-18 11:12 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-04-18 11:12 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-04-18 11:12 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-04-18 11:12 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-04-18 11:12 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-04-18 11:12 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-04-18 11:12 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-04-18 11:12 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-04-18 11:12 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-04-18 11:12 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-04-18 11:12 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-04-18 11:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-04-18 11:12 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-04-18 11:12 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-04-18 11:12 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-04-18 11:12 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-04-18 11:12 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-04-18 11:12 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-04-18 11:12 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-04-18 11:12 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-04-18 11:12 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-04-18 11:12 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-04-18 11:12 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-04-18 11:12 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-04-18 11:12 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-04-18 11:12 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-04-18 11:12 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-04-18 11:12 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-04-18 11:12 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-04-18 11:12 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-04-18 11:12 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-04-18 11:10 - 2015-04-18 11:12 - 00000000 ____D () C:\Windows\system32\directx
2015-04-18 11:10 - 2015-04-18 11:11 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-04-16 08:32 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 08:25 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 08:24 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 08:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 08:23 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 08:23 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-16 08:23 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 07:13 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 07:13 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 07:13 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 07:13 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 07:13 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 07:13 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 07:13 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 07:13 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 07:13 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 07:13 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 07:13 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 07:13 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-13 20:59 - 2015-04-13 21:00 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-13 20:54 - 2015-04-13 20:54 - 00001829 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-13 11:03 - 2015-04-13 11:03 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\IsolatedStorage
2015-04-13 11:03 - 2015-04-13 11:03 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-04-13 11:02 - 2015-04-13 11:02 - 00000000 ____D () C:\Spacekace
2015-04-12 15:45 - 2015-04-12 15:58 - 00000000 ____D () C:\ProgramData\eMule
2015-04-12 10:43 - 2015-04-12 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-04-09 10:41 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2015-04-08 20:52 - 2015-04-08 20:52 - 00000656 _____ () C:\Users\UpdatusUser\Desktop\Horsez - Abenteuer auf dem Reiterhof 5.lnk
2015-04-08 19:56 - 2015-04-08 19:56 - 00000566 _____ () C:\Users\UpdatusUser\Desktop\Abenteuer auf dem Reiterhof 4 - Die Meisterschule.lnk
2015-04-08 19:56 - 2015-04-08 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-04-07 20:38 - 2015-04-07 20:38 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\NVIDIA
2015-04-07 20:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-04-07 20:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-04-07 20:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-04-07 20:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-04-07 20:36 - 2015-04-07 20:36 - 00000000 ____D () C:\ProgramData\Abenteuer auf dem Reiterhof 6
2015-04-07 20:28 - 2015-04-07 20:28 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\InstallShield
2015-04-07 20:20 - 2003-03-15 23:15 - 00090112 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-04-07 20:15 - 2015-05-03 13:16 - 00000000 ____D () C:\Users\Sophie\Desktop\Spiele
2015-04-07 10:22 - 2015-04-07 10:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-07 09:07 - 2015-04-07 09:07 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-07 09:06 - 2015-04-07 11:39 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2015-04-07 09:06 - 2015-04-07 09:06 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-04-07 08:57 - 2015-04-07 08:57 - 00000000 ____D () C:\Users\Sophie\AppData\Local\GHISLER
2015-04-07 08:56 - 2015-04-07 08:56 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-04-07 08:56 - 2015-04-07 08:56 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\GHISLER
2015-04-07 08:56 - 2015-04-07 08:56 - 00000000 ____D () C:\totalcmd
2015-04-07 08:44 - 2015-05-02 17:16 - 00000577 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-07 08:44 - 2015-04-07 08:44 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Opera Software
2015-04-07 08:44 - 2015-04-07 08:44 - 00000000 ____D () C:\Users\Sophie\AppData\Local\Skype
2015-04-07 08:44 - 2015-04-07 08:44 - 00000000 ____D () C:\Users\Sophie\AppData\Local\Opera Software
2015-04-07 08:43 - 2015-04-07 08:59 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Skype
2015-04-07 08:42 - 2015-04-07 08:59 - 00000000 ____D () C:\ProgramData\Skype
2015-04-07 08:41 - 2015-04-07 08:41 - 00000045 _____ () C:\user.js
2015-04-07 08:27 - 2015-04-07 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-07 07:32 - 2015-04-18 11:33 - 00061832 _____ () C:\Windows\DirectX.log
2015-04-07 07:32 - 2015-04-07 07:32 - 00409600 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-04-07 07:32 - 2015-04-07 07:32 - 00278728 _____ () C:\Windows\system32\Drivers\atksgt.sys
2015-04-07 07:32 - 2015-04-07 07:32 - 00114688 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-04-07 07:32 - 2015-04-07 07:32 - 00025416 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2015-04-07 07:32 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-04-06 16:59 - 2015-04-06 17:05 - 00000000 ____D () C:\Users\Sophie\AppData\Roaming\Notepad++
2015-04-06 16:59 - 2015-04-06 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-06 12:06 - 2015-04-06 12:06 - 00000759 _____ () C:\Users\UpdatusUser\Desktop\Mein Gestüt – Ein Leben für die Pferde.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 18:33 - 2015-03-02 19:00 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-04 18:25 - 2015-03-02 19:00 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-04 18:24 - 2006-11-02 14:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-04 18:24 - 2006-11-02 14:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-04 11:43 - 2009-04-11 14:37 - 01738598 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 10:39 - 2006-11-02 12:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-04 10:31 - 2015-02-09 22:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-04 10:31 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-04 10:30 - 2008-01-21 04:47 - 00176254 _____ () C:\Windows\PFRO.log
2015-05-04 10:30 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\IME
2015-05-04 10:29 - 2006-11-02 15:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-02 17:16 - 2015-03-02 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-02 17:16 - 2015-02-09 21:43 - 00000983 _____ () C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-01 09:51 - 2015-03-07 13:19 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-01 09:51 - 2015-03-07 13:19 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-24 21:12 - 2015-02-09 21:43 - 00000000 ____D () C:\Users\Sophie
2015-04-22 22:34 - 2015-03-11 12:35 - 00000000 ____D () C:\Users\Sophie\Desktop\Sonstiges
2015-04-22 21:16 - 2006-11-02 14:52 - 00038358 _____ () C:\Windows\setupact.log
2015-04-20 12:33 - 2015-03-13 22:45 - 00000000 ____D () C:\Users\Sophie\.gimp-2.8
2015-04-17 22:02 - 2015-02-09 21:43 - 00000000 ____D () C:\Users\Sophie\AppData\Local\VirtualStore
2015-04-16 11:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-16 08:32 - 2015-03-02 20:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 08:26 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-13 20:56 - 2015-03-07 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-12 21:22 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-07 20:28 - 2015-02-09 22:21 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-07 11:01 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-04-05 18:11 - 2015-03-13 23:00 - 00079872 ____H () C:\Users\Sophie\Desktop\photothumb.db

==================== Files in the root of some directories =======

2015-02-09 21:43 - 2015-02-09 22:03 - 0000680 _____ () C:\Users\Sophie\AppData\Local\d3d9caps.dat
2015-03-14 15:53 - 2015-04-03 12:46 - 0010240 _____ () C:\Users\Sophie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-20 12:33 - 2015-04-20 12:33 - 0004154 _____ () C:\Users\Sophie\AppData\Local\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 10:41

==================== End Of Log ============================
         
--- --- ---





Habe zudem ein zweites Problem entdeckt, was mir etwas suspekt vorkommt.

Avast meldet mir zwei Funde "Win32:Evo-Gen[Susp]" & "Win32:Adware-ASG[PUP]".
die anderen Programme erkennen dies aber nicht. Diese Meldung kommt täglich. Avast schiebt das Zeug natürlich gleich in den Container. Hilfeee ..


Alt 05.05.2015, 08:06   #6
schrauber
/// the machine
/// TB-Ausbilder
 

"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



Logfile oder Screenshot von den Avast Funden bitte.
__________________
--> "PROXY" Einträge in der Registrierungsdatenbank

Alt 05.05.2015, 15:14   #7
Haselocke
 
"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank





Hoffe das hat jetzt geklappt x:

Alt 06.05.2015, 07:45   #8
schrauber
/// the machine
/// TB-Ausbilder
 

"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



Hi,


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.05.2015, 09:45   #9
Haselocke
 
"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e104cd7148264642af7016d1826a67b6
# engine=23732
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-07 08:39:01
# local_time=2015-05-07 10:39:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 84 520627 5264399 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 167203 268520669 0 0
# scanned=146810
# found=7
# cleaned=0
# scan_time=3553
sh=810C1517C36278077DAB711A8F81B9F9D08E43F0 ft=1 fh=d5a7903e1ff68e8e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\BrowerWatchCH.dll.vir"
sh=7E105A4FE49D55CB3B71D8A91E6AD207E3BE1976 ft=1 fh=c5e772386234733f vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\BrowerWatchFF.dll.vir"
sh=07097986407A53ADBFC7C2A6BCCBACF41F8971B7 ft=1 fh=f231f1e4c2bc3212 vn="Variante von Win32/ELEX.CY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\CmdShell.exe.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=4E409DDB2156AF741787458B35CECE4AC41FD8B0 ft=1 fh=33cac8fcf432a6a1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\IeWatchDog.dll.vir"
sh=584DC38002EB561C3FE88EC8B9B414C5735BEFC0 ft=1 fh=dd30f994beee198a vn="Variante von Win32/Adware.ConvertAd.LJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophie\AppData\Roaming\DC8131B1-1430558212-4F9A-C680-001FC6136CD0\jnsgF8DF.tmp.vir"
sh=90A440A11B158CACC211196FF49670F6F38EB760 ft=1 fh=8b2ddc3358c7903c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sophie\AppData\Local\Temp\RarSFX1\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe"
         
Hatte die Tage zuvor nochmal einen Komplett-Scan mit Avast gemacht, der hatte dann nochmal das gleiche gefunden > gelöscht.

was nun ?

Alt 08.05.2015, 06:37   #10
schrauber
/// the machine
/// TB-Ausbilder
 

"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



wird aktuell noch was gefunden?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.05.2015, 21:54   #11
Haselocke
 
"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



Habe gerade nochmal einen Lauf durch Avast mit allen möglichen Laufwerken, Speichern/Zwischenspeichern etc. gemacht.
hat jetzt nochmal ein "Rootkit-gen [Rtk]" im AdwCleaner-Quarantäne-Ordner gefunden und hab den auch gleich löschen lassen. danach automatisch Neustart mit sofortiger Startzeitprüfung durchlaufen lassen > keine Befunde mehr.

Ist mein Laptop jetzt wirklich clean? Ich muss dazu sagen, dass ich ihn erst vor kurzem übernommen habe. Das Ding ist mir, auch beruflich gesehen, sehr wichtig und ich will wirklich sicher gehen, dass selbst bei Überweisungen/Bank-Angelegenheiten alles safe ist.

Ich hab echt langsam keine Ideen mehr und auch keinen Nerv ewig die Stunden was Prüfen und durchlaufen zu lassen. Neu aufsetzen ist absolut nicht das Ziel, dafür hab ich keinerlei Zeit.

Alt 09.05.2015, 17:12   #12
schrauber
/// the machine
/// TB-Ausbilder
 

"PROXY" Einträge in der Registrierungsdatenbank - Standard

"PROXY" Einträge in der Registrierungsdatenbank



Das war ne Fehlerkennung von Avast mit dem Rootkit. Ändere deine Passwörter und gut is



Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu "PROXY" Einträge in der Registrierungsdatenbank
antivirus, defender, fehlercode 28, fehlercode windows, iexplore.exe, installation, internet, internet explorer, photoshop, proxy adwcleaner, registry, safer networking, security, services.exe, software, spyhunter, spyhunter entfernen, svchost.exe, win32/adware.convertad.lj, win32/elex.bm, win32/elex.cy, win32/toolbar.tnt2.i, win32/toolbar.visicom.a



Ähnliche Themen: "PROXY" Einträge in der Registrierungsdatenbank


  1. AdwCleaner findet "PROXY" Einträge in der Registrierungsdatenbank
    Plagegeister aller Art und deren Bekämpfung - 26.04.2015 (15)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. Internet v. a. mit Firefox sehr langsam (versteckter "Proxy")
    Plagegeister aller Art und deren Bekämpfung - 29.03.2014 (11)
  4. SweetIM - Registrierungsdatenbank-Schlüssel "Software/Iminstaller"
    Log-Analyse und Auswertung - 26.02.2014 (1)
  5. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  6. Firefox: "Proxy-Server verweigert die Verbindung"
    Log-Analyse und Auswertung - 01.09.2013 (9)
  7. Zusätzliche Einträge in "Dienste" - vermutlich verursacht durch Trojaner
    Plagegeister aller Art und deren Bekämpfung - 24.01.2013 (9)
  8. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  9. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  10. MSN Virus erhalten "Guck mal dieses Bild" [...] Proxy Umleitung? :x
    Log-Analyse und Auswertung - 05.09.2010 (1)
  11. "sonderbare" Einträge in der Registry
    Plagegeister aller Art und deren Bekämpfung - 26.02.2009 (26)
  12. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  13. Trojaner: "TR/proxy.delf.CA"
    Log-Analyse und Auswertung - 06.06.2007 (2)
  14. Trojaner "TR/Proxy.Agent.DF.15"
    Antiviren-, Firewall- und andere Schutzprogramme - 02.03.2007 (1)
  15. HILFE: "Win32:HLLW.Gavir:5" und "Trojan.Proxy.Ranky
    Log-Analyse und Auswertung - 12.01.2007 (4)
  16. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)
  17. Einträge "fixen"
    Log-Analyse und Auswertung - 15.11.2005 (2)

Zum Thema "PROXY" Einträge in der Registrierungsdatenbank - Hallo liebes Board, mein AdwCleaner zeigt mir durchgehend diese Meldung, diese wird nach dem "Löschen" wieder angezeigt.. Code: Alles auswählen Aufklappen ATTFilter # AdwCleaner v4.203 - Bericht erstellt 03/05/2015 um - "PROXY" Einträge in der Registrierungsdatenbank...
Archiv
Du betrachtest: "PROXY" Einträge in der Registrierungsdatenbank auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.