Hi,
first a quick note: AdwCleaner got stuck, hence the 2 logs below.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 01.02.2015 19:13:07, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
Protection, 01.02.2015 19:13:07, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
Protection, 01.02.2015 19:13:07, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Update, 01.02.2015 19:13:11, SYSTEM, HOME-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 01.02.2015 19:13:11, SYSTEM, HOME-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1,
Protection, 01.02.2015 19:13:12, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
Update, 01.02.2015 19:13:13, SYSTEM, HOME-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.1.6,
Protection, 01.02.2015 19:13:13, SYSTEM, HOME-PC, Protection, Refresh, Starting,
Protection, 01.02.2015 19:13:13, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
Protection, 01.02.2015 19:13:13, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
Protection, 01.02.2015 19:13:23, SYSTEM, HOME-PC, Protection, Refresh, Success,
Protection, 01.02.2015 19:13:23, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 01.02.2015 19:13:23, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
Protection, 01.02.2015 19:37:07, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
Protection, 01.02.2015 19:37:07, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
Protection, 01.02.2015 19:37:07, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 01.02.2015 19:39:09, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
Detection, 01.02.2015 19:41:22, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Quarantine, [301a3bdeaedce254b15310500df614ec]
(end)
AdwCleaner S0
Code:
# AdwCleaner v4.109 - Bericht erstellt am 01/02/2015 um 19:50:37
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Dirk - HOME-PC
# Gestartet von : C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\MailUpdate
Ordner Gelöscht : C:\Program Files\AskTBar
Ordner Gelöscht : C:\Program Files\Search Extensions
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\Astromenda
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\FileViewPro
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\1H1Q
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\Astromenda
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\MailUpdate
AdwCleaner S1
Code:
# AdwCleaner v4.109 - Bericht erstellt am 01/02/2015 um 20:08:23
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Dirk - HOME-PC
# Gestartet von : C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Datei Gelöscht : C:\Users\Dirk\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Dirk\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\invalidprefs.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKCU\Software\d28dd0e63def12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8C6023A-C536-4C0E-88D3-58898A3DC330}
Schlüssel Gelöscht : HKCU\Software\BRS
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Orbit
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Solvusoft
Schlüssel Gelöscht : HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Astromenda
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WaInterEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49876;hxxps=127.0.0.1:49876
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Mozilla Firefox v35.0.1 (x86 de)
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "omiga-plus");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "omiga-plus");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "omiga-plus");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dsites_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByD0B0DyByB0B0BtCtA0CtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytD[...]
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dsites_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByD0B0DyByB0B0BtCtA0CtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzy[...]
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dsites_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByD0B0DyByB0B0BtCtA0CtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtB[...]
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.admin", false);
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.id", "f4c9b13c0000000000000019db5bd77b");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlDay", "15803");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.newTab", false);
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.022:11:56");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.sm.de/?q=");
-\\ Google Chrome v
[C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
*************************
AdwCleaner[R0].txt - [13779 octets] - [01/02/2015 19:47:12]
AdwCleaner[R1].txt - [13098 octets] - [01/02/2015 20:05:14]
AdwCleaner[S0].txt - [1199 octets] - [01/02/2015 19:50:37]
AdwCleaner[S1].txt - [13164 octets] - [01/02/2015 20:08:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13225 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Dirk on 01.02.2015 at 21:15:45,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Dirk\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Dirk\appdata\local\{E96BD664-60D7-4577-AD7E-0BFB55F2E708}
~~~ FireFox
Successfully deleted the following from C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\m12ex9oq.default\prefs.js
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "obw");
user_pref("browser.search.searchengine.uid", "ST3250820AS_5QE2ABCQXXXX5QE2ABCQ");
Emptied folder: C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\m12ex9oq.default\minidumps [614 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.02.2015 at 21:20:06,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by Dirk (administrator) on HOME-PC on 01-02-2015 21:43:18
Running from C:\Users\Dirk\Desktop\TrojanerBoard
Loaded Profiles: Dirk (Available profiles: Dirk & Mcx1 & Pascal)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Windows\System32\AtwtusbIcon.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [339968 2005-09-05] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-02-25] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-05-20] (RealNetworks, Inc.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [2963456 2012-09-10] ()
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343272 2014-11-27] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [606096 2014-10-17] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [409912 2014-08-14] (Acronis)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694352 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
GroupPolicyUsers\S-1-5-21-292042570-3503651505-2778631356-1019\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59356;https=127.0.0.1:59356
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cipro.de/home.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL =
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default
FF DefaultSearchEngine: Google.de
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: hxxp://www.cipro.de/home.htm
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\googlede.xml
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-23]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-20]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-31]
FF HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [860504 2014-08-14] (Acronis)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4029432 2015-01-01] (Acronis)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-06-14] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-22] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-18] (Freemake) [File not signed]
S2 gupdate1ca87fdcc7cbf74; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
R2 HFGService; C:\Windows\System32\HFGService.dll [419224 2010-02-05] (CSR, plc)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2007-05-05] () [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6857752 2014-09-13] (Acronis)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 WTService; C:\Windows\system32\atwtusb.exe [536064 2013-11-12] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
R2 ARGUS; C:\Windows\System32\drivers\dvr100H.sys [65280 2007-12-14] (AVerMedia Systems, Inc.) [File not signed]
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [48024 2010-02-05] (CSR, plc)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC)
S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [44416 2005-12-18] (Windows (R) 2000 DDK provider) [File not signed]
S3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [43520 2008-01-02] (VIA Technologies, Inc. )
R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [51312 2011-05-13] (VIA Technologies, Inc. )
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2015-01-01] (Acronis International GmbH)
R1 hugoio; C:\Program Files\i-Menu\hugoio.sys [9760 2008-04-14] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-05-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597568 2014-06-05] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-05-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2013-10-10] (Windows (R) Win 7 DDK provider)
S3 MusCDriverV32; C:\Windows\System32\drivers\MusCDriverV32.sys [22528 2007-07-18] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S4 nvatabus; C:\Windows\system32\drivers\nvatabus.sys [105088 2006-07-14] (NVIDIA Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [8701824 2005-10-13] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-07-16] (Duplex Secure Ltd.)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [867968 2015-01-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [169248 2015-01-01] (Acronis International GmbH)
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [113792 2006-11-30] (TOSHIBA CORPORATION) [File not signed]
S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2006-11-20] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [73600 2006-10-05] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION) [File not signed]
R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [100992 2006-03-31] (VIA Technologies inc,.ltd)
R0 videX32; C:\Windows\System32\drivers\videx32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2010-05-17] (Windows (R) Codename Longhorn DDK provider)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
R0 xfilt; C:\Windows\System32\drivers\xfilt.sys [17920 2006-10-18] (VIA Technologies,Inc)
S3 amdkmdap; system32\DRIVERS\atikmpag.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S2 ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys [X]
S3 AtiHDAudioService; system32\drivers\AtihdLH3.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Dirk\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [X]
S4 HpCISSs; \SystemRoot\system32\drivers\hpcisss.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-05] (Kaspersky Lab ZAO)
S3 mod7700; system32\DRIVERS\mod7700.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys [X]
S2 secdrv; No ImagePath
S3 SNP325; system32\DRIVERS\snp325.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 21:15 - 2015-02-01 21:15 - 00000000 ____D () C:\Windows\ERUNT
2015-02-01 19:47 - 2015-02-01 20:30 - 00000000 ____D () C:\AdwCleaner
2015-02-01 19:13 - 2015-02-01 21:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 19:12 - 2015-02-01 19:12 - 00000865 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-01 19:12 - 2015-02-01 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 19:11 - 2015-02-01 19:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-01 19:11 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 19:11 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 19:11 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 19:08 - 2015-02-01 19:08 - 02194432 _____ () C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe
2015-02-01 19:08 - 2015-02-01 19:08 - 01707939 _____ (Thisisu) C:\Users\Dirk\Desktop\JRT.exe
2015-01-31 18:27 - 2015-01-31 19:01 - 00000000 ____D () C:\Qoobox
2015-01-31 18:27 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-31 18:27 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-31 18:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-31 18:25 - 2015-01-31 18:58 - 00000000 ____D () C:\Windows\erdnt
2015-01-31 18:24 - 2015-01-31 18:24 - 05611408 ____R (Swearware) C:\Users\Dirk\Desktop\ComboFix.exe
2015-01-31 18:00 - 2015-01-31 18:00 - 00001023 _____ () C:\Users\Dirk\Desktop\Revo Uninstaller.lnk
2015-01-31 18:00 - 2015-01-31 18:00 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-31 14:04 - 2015-02-01 21:43 - 00000000 ____D () C:\FRST
2015-01-31 13:52 - 2015-01-31 13:53 - 00000020 _____ () C:\Users\Dirk\defogger_reenable
2015-01-31 13:51 - 2015-02-01 21:43 - 00000000 ____D () C:\Users\Dirk\Desktop\TrojanerBoard
2015-01-31 09:05 - 2006-11-02 07:21 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll
2015-01-31 09:04 - 2011-05-13 13:34 - 00051312 _____ (VIA Technologies, Inc. ) C:\Windows\system32\Drivers\fetnd6v.sys
2015-01-31 09:04 - 2006-10-27 16:26 - 00069632 _____ () C:\Windows\system32\vuins32.dll
2015-01-28 21:51 - 2015-01-28 21:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-28 21:20 - 2015-01-28 21:20 - 00001842 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk
2015-01-28 21:20 - 2015-01-28 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015
2015-01-26 20:40 - 2015-02-01 21:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 20:40 - 2015-01-26 20:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-26 20:40 - 2015-01-26 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2015-01-24 13:27 - 2015-01-24 13:27 - 00000000 ____D () C:\digitalvideoconverter
2015-01-24 12:49 - 2015-01-24 12:49 - 00000825 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-24 12:48 - 2015-01-24 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-24 12:32 - 2015-01-24 12:32 - 00001692 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-24 12:32 - 2015-01-24 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\Program Files\AC3Filter
2015-01-20 07:28 - 2015-01-20 07:28 - 00000083 _____ () C:\Windows\system32\gpupdate.bin
2015-01-15 03:13 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 03:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 03:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-06 17:56 - 2015-01-06 17:56 - 00000000 ____D () C:\ProgramData\Avanquest Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 21:42 - 2007-05-05 16:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-01 21:34 - 2011-10-19 07:19 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 21:17 - 2012-05-03 16:45 - 01882056 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:12 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-01 21:10 - 2014-12-31 12:24 - 00010360 _____ () C:\Windows\PFRO.log
2015-02-01 21:10 - 2011-10-19 07:19 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 21:10 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 21:10 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 21:10 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 21:10 - 2006-11-02 11:23 - 00000689 _____ () C:\Windows\win.ini
2015-02-01 21:07 - 2012-05-10 02:51 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-01 21:07 - 2008-09-14 13:16 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-01 19:11 - 2010-06-07 07:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 17:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-01 16:18 - 2013-10-14 15:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 16:14 - 2009-03-09 19:52 - 00096256 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 16:02 - 2014-11-29 09:20 - 00000461 _____ () C:\Users\Dirk\Desktop\Daten-SIG.lnk
2015-02-01 14:03 - 2006-11-02 11:33 - 01461506 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 00:00 - 2009-06-23 19:57 - 00000368 _____ () C:\Windows\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk.job
2015-01-31 19:00 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-31 19:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-31 18:52 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-31 18:48 - 2006-11-02 11:22 - 81395712 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 78381056 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 50069504 _____ () C:\Windows\system32\config\COMPON~1.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-31 18:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-31 17:55 - 2007-09-25 15:23 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-31 13:52 - 2009-03-08 12:08 - 00000000 ____D () C:\Users\Dirk
2015-01-31 08:48 - 2008-06-14 15:28 - 00000000 ____D () C:\Program Files\Virtual Earth 3D
2015-01-31 08:45 - 2010-11-01 09:05 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\YoWindow
2015-01-31 08:40 - 2007-05-05 23:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-31 08:38 - 2009-03-29 10:57 - 00000000 ____D () C:\Program Files\Mobile Partner
2015-01-31 07:48 - 2012-01-31 18:34 - 00000000 ___RD () C:\Users\Dirk\Dropbox
2015-01-31 07:28 - 2014-08-22 11:49 - 00000000 ____D () C:\Send
2015-01-30 19:37 - 2014-07-12 11:20 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Dropbox
2015-01-30 03:29 - 2013-05-10 06:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-29 20:41 - 2008-05-27 17:44 - 00000000 ____D () C:\MAGIX
2015-01-29 20:08 - 2014-05-13 17:02 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-01-29 20:08 - 2007-07-13 16:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-29 19:56 - 2007-10-14 09:28 - 00000000 ____D () C:\Program Files\WISO
2015-01-29 10:18 - 2011-09-10 11:15 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-29 09:12 - 2013-01-08 19:10 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-29 09:06 - 2014-12-31 12:18 - 00207680 _____ () C:\Users\Dirk\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 09:05 - 2014-12-31 12:24 - 01963128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-29 09:00 - 2007-09-25 15:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-29 08:59 - 2011-03-19 07:41 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-29 08:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-28 21:21 - 2007-11-27 19:09 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Buhl
2015-01-28 21:21 - 2007-10-14 10:56 - 00001464 _____ () C:\Windows\wiso.ini
2015-01-28 20:51 - 2014-01-02 10:02 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2015-01-28 20:50 - 2014-07-16 18:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-26 17:43 - 2007-05-05 18:56 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Adobe
2015-01-24 12:53 - 2011-04-17 12:17 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 12:53 - 2009-03-08 14:14 - 00000955 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 12:53 - 2007-11-26 21:06 - 00001730 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-24 12:32 - 2007-05-14 19:27 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-23 10:28 - 2014-12-28 14:52 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Avanquest
2015-01-21 07:39 - 2014-08-02 15:09 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\vlc
2015-01-20 07:35 - 2007-05-05 23:51 - 00000000 ____D () C:\Program Files\AceBIT
2015-01-20 07:27 - 2013-10-16 11:37 - 00000000 ____D () C:\Users\Dirk\AppData\Local\AllMusicConverter
2015-01-19 09:19 - 2007-05-05 22:35 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Skype
2015-01-15 03:13 - 2013-08-15 02:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 20:26 - 2007-05-31 17:42 - 00000000 ____D () C:\Users\Dirk\AppData\Local\CutePDF Writer
2015-01-13 18:08 - 2011-03-05 15:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-06 04:36 - 2009-10-03 11:53 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:49 - 2014-10-13 16:43 - 00207680 _____ () C:\Users\Pascal\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-02 18:42 - 2015-01-01 12:33 - 00000000 ____D () C:\ProgramData\Acronis
==================== Files in the root of some directories =======
1997-09-03 23:00 - 1997-09-03 23:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files\Common Files\msacc8.olb
2007-08-26 16:20 - 2011-06-21 17:08 - 0000070 _____ () C:\Users\Dirk\AppData\Roaming\AVSDVDPlayer.m3u
2011-05-13 19:44 - 2011-01-14 21:07 - 0061440 _____ () C:\Users\Dirk\AppData\Roaming\chrtmp
2009-05-31 08:00 - 2009-05-31 08:00 - 0000029 _____ () C:\Users\Dirk\AppData\Roaming\default.rss
2009-05-31 08:00 - 2009-05-31 08:00 - 0000000 _____ () C:\Users\Dirk\AppData\Roaming\downloads.m3u
2007-08-26 19:14 - 2007-08-26 19:14 - 0087608 _____ () C:\Users\Dirk\AppData\Roaming\inst.exe
2009-06-07 22:11 - 2009-06-07 22:11 - 0038431 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2007-10-01 20:38 - 2007-10-01 20:38 - 0012963 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2007-09-15 10:33 - 2012-03-21 19:47 - 0038443 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2007-10-01 20:29 - 2007-10-01 20:29 - 0012967 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
2007-09-15 10:39 - 2007-09-15 10:39 - 0011425 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).TSK
2012-03-19 07:19 - 2012-03-21 19:44 - 0023496 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.ADR
2008-02-10 10:43 - 2008-12-07 12:16 - 0012965 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.CAL
2009-05-09 15:49 - 2009-05-09 15:54 - 0008261 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.JNL
2007-06-10 08:30 - 2007-06-10 08:30 - 0012944 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel.CAL
2007-08-26 19:14 - 2007-08-26 19:14 - 0007887 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.cat
2007-08-26 19:14 - 2007-08-26 19:14 - 0001144 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.inf
2007-08-26 19:15 - 2007-08-26 19:15 - 0000034 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.log
2007-08-26 19:14 - 2007-08-26 19:14 - 0047360 _____ (VSO Software) C:\Users\Dirk\AppData\Roaming\pcouffin.sys
2007-05-10 21:52 - 2007-05-10 21:52 - 0012962 _____ () C:\Users\Dirk\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL
2009-02-23 10:10 - 2009-02-23 10:10 - 0006144 ___SH () C:\Users\Dirk\AppData\Roaming\Thumbs.db
2007-11-25 20:09 - 2008-05-25 10:22 - 0012201 _____ () C:\Users\Dirk\AppData\Roaming\UserTile.png
2014-09-14 15:23 - 2014-12-19 21:34 - 0000222 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG
2007-05-05 16:13 - 2007-05-10 21:56 - 0000112 _____ () C:\Users\Dirk\AppData\Roaming\wklnhst.dat
2011-01-04 12:06 - 2011-08-14 11:03 - 0001188 _____ () C:\Users\Dirk\AppData\Local\crc32list11.txt
2009-09-10 16:35 - 2014-12-15 20:23 - 0001356 _____ () C:\Users\Dirk\AppData\Local\d3d9caps.dat
2009-03-09 19:52 - 2015-02-01 16:14 - 0096256 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 03:23 - 2014-12-17 02:23 - 0000010 _____ () C:\Users\Dirk\AppData\Local\DSI.DAT
2014-11-10 00:23 - 2014-11-10 00:23 - 0000008 _____ () C:\Users\Dirk\AppData\Local\ext2.dat
2009-07-27 18:07 - 2009-07-27 18:07 - 0000036 _____ () C:\Users\Dirk\AppData\Local\housecall.guid.cache
2009-11-21 07:15 - 2009-11-21 07:15 - 0000600 _____ () C:\Users\Dirk\AppData\Local\PUTTY.RND
2010-04-17 09:15 - 2010-04-17 10:31 - 0000907 _____ () C:\Users\Dirk\AppData\Local\RAExpertHistory.xml
2010-04-17 10:19 - 2010-04-17 10:29 - 0000171 _____ () C:\Users\Dirk\AppData\Local\rahistory.xml
2014-10-26 12:42 - 2014-10-26 12:42 - 0001495 _____ () C:\Users\Dirk\AppData\Local\recently-used.xbel
2012-06-03 11:59 - 2012-06-03 11:59 - 0017408 _____ () C:\Users\Dirk\AppData\Local\WebpageIcons.db
2011-12-11 18:55 - 2014-02-07 20:59 - 0000394 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Files to move or delete:
====================
C:\Users\Dirk\kavremover10.exe
C:\Users\Dirk\strmdll.dll
Some content of TEMP:
====================
C:\Users\Dirk\AppData\Local\temp\Quarantine.exe
C:\Users\Dirk\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-01 21:18
==================== End Of Log ============================