godmoron

Member
  • Content Count

    5
  • Joined

  • Last visited

Community Reputation

0 Neutral

About godmoron

  • Rank
    New Member
  1. Hi Schrauber. Super danke für deine Hilfe. Beim letzten Emisoft Scan hat er keinen Virus mehr gefunden. Hat alles super geklappt. Angehängt noch der letzt Log Report. Danke nochmals Philipp Emsisoft Anti-Malware - Version 9.0 Letztes Update: 22.09.2014 17:34:16 Benutzerkonto: Philipp-PC\Philipp Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, Q:\ PUPs-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 26.09.2014 21:42:20 Gescannt 730646 Gefunden 0 Scan Ende: 27.09.2014 02:38:39 Scan Zeit: 4:56:19
  2. Hi Schrauber. Hier die 2 Reports: Emsisoft Anti-Malware - Version 9.0 Letztes Update: 22.09.2014 17:34:16 Benutzerkonto: Philipp-PC\Philipp Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, Q:\ PUPs-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 26.09.2014 07:10:07 Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEC gefunden: Rogue.Win32.ExpertCleaner (A) Gescannt 733524 Gefunden 1 Scan Ende: 26.09.2014 11:37:45 Scan Zeit: 4:27:38 Und FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014 Ran by Philipp (administrator) on PHILIPP-PC on 26-09-2014 07:08:41 Running from C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X2VB0KP Loaded Profiles: Philipp & UpdatusUser (Available profiles: Philipp & UpdatusUser) Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X2VB0KP\FRST64[2].exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\MountPoints2: {d47d2f33-4669-11df-985f-00241dd35124} - E:\MENU.EXE HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\MountPoints2: {dfc5d081-1edc-11e3-8afa-806e6f6e6963} - E:\SETUP.EXE HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\MountPoints2: {dfc5d084-1edc-11e3-8afa-806e6f6e6963} - F:\KMDS.exe HKU\S-1-5-21-2723512163-2963705854-2571069048-1002\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Netzwerk Server.lnk ShortcutTarget: Netzwerk Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alternate.net StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {89BDED6F-0931-4D38-ACEE-2601F55B1529} URL = http://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} SearchScopes: HKCU - {8C1BCFB2-9234-4036-808A-80AC2861E63A} URL = http://www.google.de/search?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154 FF Homepage: www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Philipp\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Speed Test Analysis - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\Extensions\[email protected] [2014-01-04] FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-21] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-22] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-21] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Speed Test Analysis) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb [2013-12-26] CHR Extension: (Skype Click to Call) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-03-01] CHR Extension: (Securita Scout) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-20] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-22] (Emsisoft GmbH) S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160784 2009-07-20] (Logitech, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-22] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-05-18] (Emsisoft GmbH) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-26] (Emsisoft GmbH) R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2006-12-09] (Samsung Electronics) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [813160 2011-01-31] (Realtek Semiconductor Corporation ) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation) R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-12-25] (Sony Ericsson Mobile Communications) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-08-27] () [File not signed] U3 aq2bk04b; C:\Windows\System32\Drivers\aq2bk04b.sys [0 ] (Microsoft Corporation) S3 ALSysIO; \??\C:\Users\Philipp\AppData\Local\Temp\ALSysIO64.sys [X] S1 covwossh; \??\C:\Windows\system32\drivers\covwossh.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-25 12:09 - 2014-09-25 12:09 - 00001432 _____ () C:\Users\Philipp\Desktop\AdwCleaner[s1].txt 2014-09-25 09:36 - 2014-09-25 09:36 - 01373475 _____ () C:\Users\Philipp\Downloads\adwcleaner_3.310.exe 2014-09-25 03:00 - 2014-09-09 08:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-25 03:00 - 2014-09-09 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-24 10:15 - 2014-09-24 10:15 - 00049781 _____ () C:\Users\Philipp\Desktop\Addition.txt 2014-09-24 10:14 - 2014-09-24 10:14 - 00032745 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-09-24 10:13 - 2014-09-26 07:08 - 00000000 ____D () C:\FRST 2014-09-23 07:58 - 2014-09-23 07:58 - 00023030 _____ () C:\Users\Philipp\Desktop\Emisoft Report.txt 2014-09-23 07:32 - 2014-09-23 07:32 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-22 17:40 - 2014-09-25 12:07 - 00001180 _____ () C:\Windows\PFRO.log 2014-09-22 17:23 - 2014-09-22 17:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-22 17:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-22 17:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-22 08:09 - 2014-09-22 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-11 03:16 - 2014-08-19 05:17 - 01491968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:16 - 2014-08-19 05:17 - 01147904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:16 - 2014-08-19 05:17 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-11 03:16 - 2014-08-19 05:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-09-11 03:16 - 2014-08-19 05:07 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-09-11 03:16 - 2014-08-19 05:03 - 09326592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:16 - 2014-08-19 05:03 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:16 - 2014-08-19 05:02 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:16 - 2014-08-19 05:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-11 03:16 - 2014-08-19 04:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-09-11 03:16 - 2014-08-19 04:57 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:16 - 2014-08-19 04:57 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:16 - 2014-08-19 04:57 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-09-11 03:16 - 2014-08-19 04:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:16 - 2014-08-19 04:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 12473344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:16 - 2014-08-19 04:55 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-09-11 03:16 - 2014-08-19 03:46 - 01214976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:16 - 2014-08-19 03:46 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:16 - 2014-08-19 03:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-09-11 03:16 - 2014-08-19 03:44 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 06003200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-09-11 03:16 - 2014-08-19 03:40 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 03:16 - 2014-08-19 03:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-09-11 03:16 - 2014-08-19 03:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 11082752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:16 - 2014-08-19 03:38 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll 2014-09-11 03:16 - 2014-08-19 03:36 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-09-11 03:16 - 2014-08-19 02:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:16 - 2014-08-19 02:15 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:16 - 2014-08-19 02:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:16 - 2014-08-19 02:14 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-11 03:16 - 2014-08-19 02:10 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-09-11 03:16 - 2014-08-19 00:33 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2014-09-11 03:16 - 2014-08-19 00:33 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:16 - 2014-08-19 00:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-09-11 03:16 - 2014-08-19 00:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-06 08:25 - 2014-09-06 08:27 - 00000000 ____D () C:\Users\Philipp\Desktop\Pfauen 2014-09-02 03:00 - 2014-08-23 03:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-09-02 03:00 - 2014-08-23 02:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-02 03:00 - 2014-08-23 01:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-26 06:38 - 2010-04-05 09:41 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-26 06:08 - 2006-11-02 17:22 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-26 06:08 - 2006-11-02 17:22 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-26 03:00 - 2012-08-10 10:45 - 01831603 _____ () C:\Windows\WindowsUpdate.log 2014-09-25 19:39 - 2010-04-05 09:41 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-25 12:32 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache 2014-09-25 12:14 - 2008-01-21 13:10 - 01577800 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-25 12:14 - 2008-01-21 13:09 - 00678024 _____ () C:\Windows\system32\perfh007.dat 2014-09-25 12:14 - 2008-01-21 13:09 - 00147278 _____ () C:\Windows\system32\perfc007.dat 2014-09-25 12:08 - 2012-07-21 15:05 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-09-25 12:08 - 2009-10-15 13:13 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-25 12:08 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-25 12:06 - 2006-11-02 17:42 - 00032512 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-25 12:05 - 2014-05-11 13:20 - 00000000 ____D () C:\AdwCleaner 2014-09-22 17:42 - 2012-04-16 22:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-22 17:42 - 2011-05-15 21:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 17:40 - 2014-08-10 21:23 - 00000000 ____D () C:\Program Files\Recuva 2014-09-22 17:23 - 2010-06-01 09:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Malwarebytes 2014-09-22 17:22 - 2013-01-16 12:23 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-22 17:22 - 2010-06-01 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\Windows\SysWOW64\MAGIX 2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-09-22 17:11 - 2010-03-17 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative 2014-09-22 17:11 - 2006-11-02 14:34 - 00000252 _____ () C:\Windows\system.ini 2014-09-22 16:48 - 2010-03-17 17:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-22 12:25 - 2010-03-23 22:36 - 00002677 _____ () C:\Users\Philipp\Desktop\CorelDRAW X3.lnk 2014-09-22 08:42 - 2010-03-17 02:36 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-11 10:31 - 2013-01-13 13:20 - 00000000 ____D () C:\Users\Philipp\Desktop\Pocoyo 2014-09-11 10:08 - 2010-04-19 11:32 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-09-11 10:04 - 2010-07-30 20:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\vlc 2014-09-11 09:58 - 2014-05-26 12:12 - 00000000 ___RD () C:\Users\Philipp\Dropbox 2014-09-11 03:41 - 2014-05-26 12:09 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox 2014-09-11 03:16 - 2009-10-15 12:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 03:15 - 2010-10-06 16:11 - 01553256 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 03:14 - 2014-05-11 11:17 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-09-11 03:14 - 2014-05-11 11:16 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-09-11 03:14 - 2014-05-11 11:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-11 03:13 - 2014-05-11 11:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-09-11 03:13 - 2013-10-24 14:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 03:02 - 2006-11-02 14:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-09-04 10:14 - 2010-03-17 07:41 - 00020992 _____ () C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-02 03:18 - 2006-11-02 17:21 - 03159848 _____ () C:\Windows\system32\FNTCACHE.DAT Files to move or delete: ==================== C:\Users\Philipp\FurMark_1.10.5_Setup.exe Some content of TEMP: ==================== C:\Users\Philipp\AppData\Local\Temp\Quarantine.exe C:\Users\Philipp\AppData\Local\Temp\securitascoutgames_3.exe C:\Users\Philipp\AppData\Local\Temp\unwise.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 00:45 ==================== End Of Log ============================ Danke Philipp
  3. Hi Schrauber. Danke für die genaue Anleitung. Hier die nächste Log Datei. LG Philipp # AdwCleaner v3.310 - Bericht erstellt am 25/09/2014 um 12:05:17 # Aktualisiert 12/09/2014 von Xplode # Betriebssystem : Windows Vista Home Premium Service Pack 2 (64 bits) # Benutzername : Philipp - PHILIPP-PC # Gestartet von : C:\Users\Philipp\Downloads\adwcleaner_3.310.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Security System 2 [!] Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\Extensions\[email protected] ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v8.0.6001.19561 -\\ Mozilla Firefox v32.0.2 (x86 de) [ Datei : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [9843 octets] - [11/05/2014 13:26:10] AdwCleaner[R1].txt - [1463 octets] - [25/09/2014 09:36:50] AdwCleaner[s0].txt - [8394 octets] - [11/05/2014 20:06:44] AdwCleaner[s1].txt - [1292 octets] - [25/09/2014 12:05:17] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1352 octets] ##########
  4. Hi Schrauber Danke für die Hilfe. Hier die 2 Log Files. Leider kann ich nichts anhängen daher poste ich's im Threat. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014 Ran by Philipp (administrator) on PHILIPP-PC on 24-09-2014 10:13:11 Running from C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X2VB0KP Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Farbar) C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X2VB0KP\FRST64[1].exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\MountPoints2: {d47d2f33-4669-11df-985f-00241dd35124} - E:\MENU.EXE HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\MountPoints2: {dfc5d081-1edc-11e3-8afa-806e6f6e6963} - E:\SETUP.EXE HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\MountPoints2: {dfc5d084-1edc-11e3-8afa-806e6f6e6963} - F:\KMDS.exe HKU\S-1-5-21-2723512163-2963705854-2571069048-1002\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Netzwerk Server.lnk ShortcutTarget: Netzwerk Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alternate.net StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKCU - {89BDED6F-0931-4D38-ACEE-2601F55B1529} URL = http://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} SearchScopes: HKCU - {8C1BCFB2-9234-4036-808A-80AC2861E63A} URL = http://www.google.de/search?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154 FF Homepage: www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Philipp\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Securita Scout - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\Extensions\[email protected] [2014-04-20] FF Extension: Speed Test Analysis - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\Extensions\[email protected] [2014-01-04] FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-21] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-22] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-21] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Speed Test Analysis) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb [2013-12-26] CHR Extension: (Skype Click to Call) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-03-01] CHR Extension: (Securita Scout) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-20] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-22] (Emsisoft GmbH) S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160784 2009-07-20] (Logitech, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-22] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-05-18] (Emsisoft GmbH) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-26] (Emsisoft GmbH) R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2006-12-09] (Samsung Electronics) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [813160 2011-01-31] (Realtek Semiconductor Corporation ) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation) R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-12-25] (Sony Ericsson Mobile Communications) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-08-27] () [File not signed] U3 abccir4v; C:\Windows\System32\Drivers\abccir4v.sys [0 ] (Microsoft Corporation) S3 ALSysIO; \??\C:\Users\Philipp\AppData\Local\Temp\ALSysIO64.sys [X] S1 covwossh; \??\C:\Windows\system32\drivers\covwossh.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\FRST 2014-09-23 07:58 - 2014-09-23 07:58 - 00023030 _____ () C:\Users\Philipp\Desktop\Emisoft Report.txt 2014-09-23 07:32 - 2014-09-23 07:32 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-22 17:40 - 2014-09-22 17:40 - 00000870 _____ () C:\Windows\PFRO.log 2014-09-22 17:23 - 2014-09-22 17:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-22 17:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-22 17:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-22 08:09 - 2014-09-22 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-11 03:16 - 2014-08-19 05:17 - 01491968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:16 - 2014-08-19 05:17 - 01147904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:16 - 2014-08-19 05:17 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-11 03:16 - 2014-08-19 05:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-09-11 03:16 - 2014-08-19 05:07 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-09-11 03:16 - 2014-08-19 05:03 - 09326592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:16 - 2014-08-19 05:03 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:16 - 2014-08-19 05:02 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:16 - 2014-08-19 05:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-11 03:16 - 2014-08-19 04:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-09-11 03:16 - 2014-08-19 04:57 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:16 - 2014-08-19 04:57 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:16 - 2014-08-19 04:57 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-09-11 03:16 - 2014-08-19 04:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:16 - 2014-08-19 04:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 12473344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-09-11 03:16 - 2014-08-19 04:56 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:16 - 2014-08-19 04:55 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-09-11 03:16 - 2014-08-19 03:46 - 01214976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:16 - 2014-08-19 03:46 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:16 - 2014-08-19 03:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-09-11 03:16 - 2014-08-19 03:44 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 06003200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:16 - 2014-08-19 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-09-11 03:16 - 2014-08-19 03:40 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 03:16 - 2014-08-19 03:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-09-11 03:16 - 2014-08-19 03:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 11082752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:16 - 2014-08-19 03:39 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:16 - 2014-08-19 03:38 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll 2014-09-11 03:16 - 2014-08-19 03:36 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-09-11 03:16 - 2014-08-19 02:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:16 - 2014-08-19 02:15 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:16 - 2014-08-19 02:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:16 - 2014-08-19 02:14 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-11 03:16 - 2014-08-19 02:10 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-09-11 03:16 - 2014-08-19 00:33 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2014-09-11 03:16 - 2014-08-19 00:33 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:16 - 2014-08-19 00:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-09-11 03:16 - 2014-08-19 00:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-06 08:25 - 2014-09-06 08:27 - 00000000 ____D () C:\Users\Philipp\Desktop\Pfauen 2014-09-02 03:00 - 2014-08-23 03:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-09-02 03:00 - 2014-08-23 02:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-02 03:00 - 2014-08-23 01:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\FRST 2014-09-24 10:11 - 2006-11-02 17:22 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-24 10:11 - 2006-11-02 17:22 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-24 09:39 - 2010-04-05 09:41 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-24 07:55 - 2012-08-10 10:45 - 01768471 _____ () C:\Windows\WindowsUpdate.log 2014-09-23 19:39 - 2010-04-05 09:41 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-23 07:58 - 2014-09-23 07:58 - 00023030 _____ () C:\Users\Philipp\Desktop\Emisoft Report.txt 2014-09-23 07:32 - 2014-09-23 07:32 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-23 07:32 - 2012-07-21 15:05 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-09-22 17:47 - 2008-01-21 13:10 - 01577800 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-22 17:47 - 2008-01-21 13:09 - 00678024 _____ () C:\Windows\system32\perfh007.dat 2014-09-22 17:47 - 2008-01-21 13:09 - 00147278 _____ () C:\Windows\system32\perfc007.dat 2014-09-22 17:44 - 2014-09-22 17:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-22 17:42 - 2012-04-16 22:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-22 17:42 - 2011-05-15 21:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 17:40 - 2014-09-22 17:40 - 00000870 _____ () C:\Windows\PFRO.log 2014-09-22 17:40 - 2014-08-10 21:23 - 00000000 ____D () C:\Program Files\Recuva 2014-09-22 17:40 - 2009-10-15 13:13 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-22 17:40 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-22 17:38 - 2006-11-02 17:42 - 00032512 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-22 17:35 - 2014-04-20 18:19 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Security System 2 2014-09-22 17:23 - 2010-06-01 09:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Malwarebytes 2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-22 17:22 - 2013-01-16 12:23 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-22 17:22 - 2010-06-01 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\Windows\SysWOW64\MAGIX 2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-09-22 17:11 - 2010-03-17 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative 2014-09-22 17:11 - 2006-11-02 14:34 - 00000252 _____ () C:\Windows\system.ini 2014-09-22 16:48 - 2010-03-17 17:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-22 12:25 - 2010-03-23 22:36 - 00002677 _____ () C:\Users\Philipp\Desktop\CorelDRAW X3.lnk 2014-09-22 08:42 - 2010-03-17 02:36 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-22 08:09 - 2014-09-22 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-11 10:31 - 2013-01-13 13:20 - 00000000 ____D () C:\Users\Philipp\Desktop\Pocoyo 2014-09-11 10:08 - 2010-04-19 11:32 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-09-11 10:04 - 2010-07-30 20:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\vlc 2014-09-11 09:58 - 2014-05-26 12:12 - 00000000 ___RD () C:\Users\Philipp\Dropbox 2014-09-11 03:41 - 2014-05-26 12:09 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox 2014-09-11 03:16 - 2009-10-15 12:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 03:15 - 2010-10-06 16:11 - 01553256 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 03:14 - 2014-05-11 11:17 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-09-11 03:14 - 2014-05-11 11:16 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-09-11 03:14 - 2014-05-11 11:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-11 03:13 - 2014-05-11 11:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-09-11 03:13 - 2013-10-24 14:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 03:02 - 2006-11-02 14:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-09-06 08:27 - 2014-09-06 08:25 - 00000000 ____D () C:\Users\Philipp\Desktop\Pfauen 2014-09-04 10:14 - 2010-03-17 07:41 - 00020992 _____ () C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-02 03:18 - 2006-11-02 17:21 - 03159848 _____ () C:\Windows\system32\FNTCACHE.DAT Files to move or delete: ==================== C:\Users\Philipp\FurMark_1.10.5_Setup.exe Some content of TEMP: ==================== C:\Users\Philipp\AppData\Local\Temp\securitascoutgames_3.exe C:\Users\Philipp\AppData\Local\Temp\unwise.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-24 07:37 ==================== End Of Log ============================ Und hier die zweite Datei: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014 Ran by Philipp at 2014-09-24 10:13:55 Running from C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X2VB0KP Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.386 - ACD Systems International Inc.) Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.4 - Adobe Systems) Hidden Adobe Acrobat 9.5.4 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_954) (Version: - Adobe Systems Incorporated) Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_71bc85719badc9942e1198866ee2cbc) (Version: 4.0 - Adobe Systems Incorporated) Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden Adobe Flash CS4 Professional (HKLM-x32\...\Adobe_a68eec966ce913ddaa63251dc82ed31) (Version: 10.0 - Adobe Systems Incorporated) Adobe Flash CS4 STI-other (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden ArchiCAD 13 AUT (HKLM\...\001FFF2FFF13FF00FF0901F00F02F000-R1) (Version: - ) Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 3.04 - Piriform) CDDRV_Installer (Version: 4.60 - Logitech) Hidden Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden CorelDRAW Graphics Suite X3 (HKLM-x32\...\_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: - Corel Corporation) CorelDRAW Graphics Suite X3 (x32 Version: 13.2 - Corel Corporation) Hidden DE (x32 Version: 13.0 - Corel Corporation) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.) Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 6.6 - Emsisoft GmbH) FontNav (x32 Version: 5.0 - Corel Corporation) Hidden Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Java 2 Runtime Environment, SE v1.4.2 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142000}) (Version: 1.4.2 - Sun Microsystems, Inc.) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt)) KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech) MAGIX Web Designer 6 Content (x32 Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Web Designer 6 Download-Version (HKLM-x32\...\MAGIX_MSI_Web_Designer_6) (Version: 6.0.1.12379 - MAGIX AG) MAGIX Web Designer 6 Download-Version (x32 Version: 6.0.1.12379 - MAGIX AG) Hidden MAGIX Web Designer 7 Premium Content Pack (x32 Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Web Designer 7 Premium Download-Version (HKLM-x32\...\MAGIX_MSI_Web_Designer_7_Premium) (Version: 7.0.4.16646 - MAGIX AG) MAGIX Web Designer 7 Premium Download-Version (x32 Version: 7.0.4.16646 - MAGIX AG) Hidden MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{739FE2DC-0C7E-4A1C-AC6E-46348169E27E}) (Version: 8.0.2.21761 - MAGIX AG) MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden MAGIX Web Designer MX Premium Content Pack (Version: 1.1.0.0 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla) MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}) (Version: 8.3.465 - Nero AG) neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NETGEAR WNA1000M Wireless USB 2.0 Adapter (x32 Version: 1.01.10 - NETGEAR) Hidden NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden QuickTime (HKLM-x32\...\{5B09BD67-4C99-46A1-8161-B7208CE18121}) (Version: 7.3.0.70 - Apple Inc.) Samsung CLP-300 Series (HKLM-x32\...\Samsung CLP-300 Series) (Version: - Samsung Electronics CO.,LTD) Schachermayer Warenkorb 2.6a (HKLM-x32\...\ST6UNST #1) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SOAP3 and XML4 (x32 Version: 1.0.0 - Xara - Microsoft) Hidden Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VBA (x32 Version: 6.2 - Corel Corporation) Hidden VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Xara Designer Pro 6 (HKLM-x32\...\MAGIX_MSI_XtremePro6) (Version: 6.1.1.13205 - Xara Group Ltd) Xara Designer Pro 6 (x32 Version: 6.1.1.13205 - Xara Group Ltd) Hidden Xara Designer Pro 6 Content Pack (x32 Version: 1.0.0.0 - Xara Group Ltd) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{CB58FF32-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files (x86)\MAGIX\Web Designer MX Premium\WebDesigner.exe (Xara Group Ltd.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1002_Classes\CLSID\{CB58FF31-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files (x86)\Xara\Xara_Designer_Pro_6\DesignerPro.exe (Xara Group Ltd.) CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1002_Classes\CLSID\{CB58FF32-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files (x86)\MAGIX\Web Designer 7 Premium Download-Version\WebDesigner.exe (Xara Group Ltd.) ==================== Restore Points ========================= 04-09-2014 16:56:02 Geplanter Prüfpunkt 05-09-2014 15:36:28 Windows Update 06-09-2014 22:00:01 Geplanter Prüfpunkt 07-09-2014 22:00:01 Geplanter Prüfpunkt 08-09-2014 22:00:01 Geplanter Prüfpunkt 09-09-2014 15:35:55 Windows Update 10-09-2014 22:00:02 Geplanter Prüfpunkt 11-09-2014 01:00:14 Windows Update 11-09-2014 22:00:01 Geplanter Prüfpunkt 12-09-2014 22:00:01 Geplanter Prüfpunkt 13-09-2014 22:00:01 Geplanter Prüfpunkt 14-09-2014 01:52:04 Windows Update 14-09-2014 22:00:01 Geplanter Prüfpunkt 15-09-2014 22:00:01 Geplanter Prüfpunkt 16-09-2014 22:00:01 Geplanter Prüfpunkt 17-09-2014 22:00:02 Geplanter Prüfpunkt 18-09-2014 01:50:15 Windows Update 18-09-2014 22:00:01 Geplanter Prüfpunkt 19-09-2014 22:00:01 Geplanter Prüfpunkt 20-09-2014 22:00:01 Geplanter Prüfpunkt 21-09-2014 22:00:01 Geplanter Prüfpunkt 22-09-2014 01:50:03 Windows Update 22-09-2014 14:47:40 Entfernt CrazyTalk 23-09-2014 08:03:40 Geplanter Prüfpunkt 23-09-2014 22:00:01 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 14:34 - 2010-05-31 23:49 - 00000789 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 activate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {2D3E4534-6321-41A1-88B9-DEE4E947F6C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05] (Google Inc.) Task: {3DF66163-E492-4A72-9E01-D5ADB11CD154} - \{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} No Task File <==== ATTENTION Task: {43411E3C-B875-43B3-AE8C-E8EC96B3EFA2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {4EC2D1B8-71EC-4C49-AADB-D7EFDDA382FE} - System32\Tasks\SpottyFiles Update => C:\Program Files (x86)\SpottyFiles\SpottyFilesUpdater.exe Task: {608AFA0B-B0BA-406E-89A1-E14EC0E2AD15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05] (Google Inc.) Task: {60F7DC69-EE59-431E-BE62-A08532B3D805} - \SaveSense No Task File <==== ATTENTION Task: {7B9C5631-FFC1-47C1-BC9B-99256234D4C7} - \EPUpdater No Task File <==== ATTENTION Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {A4DAE6F8-64C5-40EC-B0F5-94F5012978DF} - System32\Tasks\{C4055F77-6FC2-49CB-BB8C-6BC61B18556A} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {E205DB9B-9CD5-4F5E-A6E4-1EA83E1E47F6} - System32\Tasks\Advanced System Optimizer => C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2006-12-09 04:55 - 2006-12-09 04:55 - 00022016 _____ () C:\Windows\System32\sugg1l6.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-08-26 21:24 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll 2010-03-19 19:21 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe 2014-09-22 17:32 - 2014-09-22 17:32 - 00751680 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll 2014-09-22 08:09 - 2014-09-22 08:09 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-09-22 17:42 - 2014-09-22 17:42 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: BrMfcWnd => "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: V0330Mon.exe => C:\Windows\V0330Mon.exe MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/23/2014 07:35:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (09/23/2014 07:35:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (09/23/2014 07:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (09/23/2014 07:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (09/23/2014 07:34:29 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (09/23/2014 07:34:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (09/23/2014 07:34:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (09/23/2014 07:34:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (09/23/2014 07:33:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (09/23/2014 07:33:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Error: (09/23/2014 05:55:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.185.933.0){CEBC8411-9A33-4E04-9113-7BA1A77782A9}201 Error: (09/23/2014 05:55:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.185.761.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.6.0305.00 Quellpfad: 4.6.0305.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (09/22/2014 05:50:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Windows Update Error: (09/22/2014 05:41:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/22/2014 05:41:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (09/22/2014 05:38:08 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Microsoft Antimalware Service Error: (09/22/2014 05:37:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.185.761.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.6.0305.00 Quellpfad: 4.6.0305.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (09/11/2014 03:48:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Windows Update Error: (09/11/2014 03:40:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/11/2014 03:39:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Microsoft Office Sessions: ========================= Error: (09/23/2014 07:35:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING Error: (09/23/2014 07:35:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING Error: (09/23/2014 07:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING Error: (09/23/2014 07:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING Error: (09/23/2014 07:34:29 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING-BACKUP Error: (09/23/2014 07:34:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING-BACKUP Error: (09/23/2014 07:34:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING Error: (09/23/2014 07:34:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING Error: (09/23/2014 07:33:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING Error: (09/23/2014 07:33:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING CodeIntegrity Errors: =================================== Date: 2014-09-24 10:13:51.522 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-24 10:13:51.414 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-24 10:13:51.304 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-24 10:13:51.188 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-24 10:13:50.968 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-24 10:13:50.858 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-24 10:13:50.751 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-24 10:13:50.630 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-22 18:12:54.042 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-22 18:12:53.907 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel® Core i5 CPU 750 @ 2.67GHz Percentage of memory in use: 82% Total physical RAM: 6134.57 MB Available physical RAM: 1073.91 MB Total Pagefile: 12412.65 MB Available Pagefile: 6835.45 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.51 GB) (Free:119.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (SCH2014-2) (CDROM) (Total:4.07 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 7C687C6C) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Danke nochmals Philipp
  5. Hallo Da ich im Internet nichts über den oben genannten Virus finden kann, und Emisoft die einzige Software ist die diesen Virus anzeigt dacht ich ich frage einfach mal hier im Forum nach. Es gibt anscheinend mehrere dieser Rouge.Win32....... Viren aber diesen "Expert Cleaner" habe ich noch nirgends gefunden. Kann mir jemand helfen diesen zu entfernen. Leider bin ich kein Experte und kann nur die Log File vom letzten Scan mit Emisoft anhängen: Emsisoft Anti-Malware - Version 9.0 Letztes Update: 22.09.2014 17:34:16 Benutzerkonto: Philipp-PC\Philipp Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, Q:\ PUPs-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 22.09.2014 17:45:18 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983} gefunden: Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{19975B78-1907-4DD6-A437-4C48120F46A4} gefunden: Application.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{562B9317-C08A-444A-9482-62080DD851AE} gefunden: Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1440EC3-F0FA-407A-B811-DE6668C06D29} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E4A994B0-5550-4680-A4C6-B9470B888069} gefunden: Application.InstallNews (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA} gefunden: Application.InstallNews (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F9EB11AB-9384-4736-9B33-993940F88895} gefunden: Application.InstallNews (A) C:\Users\Philipp\AppData\Roaming\dvdvideosoftiehelpers gefunden: Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\dvdvideosoftiehelpers gefunden: Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\getrighttogo gefunden: Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\getrighttogo gefunden: Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\systweak gefunden: Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\systweak gefunden: Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\thinstall gefunden: Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\thinstall gefunden: Application.AppInstall (A) C:\ProgramData\babylon gefunden: Application.AppInstall (A) C:\ProgramData\systweak gefunden: Application.AppInstall (A) C:\ProgramData\trymedia gefunden: Application.AppInstall (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\MOVIE2KDOWNLOADER gefunden: Application.AdReg (A) Key: HKEY_USERS\S-1-5-21-2723512163-2963705854-2571069048-1001\SOFTWARE\BABSOLUTION gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2723512163-2963705854-2571069048-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2723512163-2963705854-2571069048-1001\SOFTWARE\SOFTONIC gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2723512163-2963705854-2571069048-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC gefunden: Application.InstallAd (A) C:\Users\Philipp\AppData\Roaming\BabSolution gefunden: Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\BabSolution gefunden: Application.AppInstall (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEC gefunden: Rogue.Win32.ExpertCleaner (A) Key: HKEY_USERS\S-1-5-21-2723512163-2963705854-2571069048-1001\SOFTWARE\YAHOOPARTNERTOOLBAR gefunden: Application.Win32.YTool (A) Key: HKEY_USERS\S-1-5-21-2723512163-2963705854-2571069048-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\YAHOOPARTNERTOOLBAR gefunden: Application.Win32.YTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{09C554C3-109B-483C-A06B-F14172F1A947} gefunden: Application.InstallDeal (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} gefunden: Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} gefunden: Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} gefunden: Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESCORT.DLL gefunden: Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESCORTAPP.DLL gefunden: Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESCORTENG.DLL gefunden: Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESCORTLBR.DLL gefunden: Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESRV.EXE gefunden: Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\B gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\PROD.CAP gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} gefunden: Application.AdReg (A) Gescannt 736699 Gefunden 51 Scan Ende: 23.09.2014 07:32:01 Scan Zeit: 13:46:43 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\PROD.CAP Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\B Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESRV.EXE Quarantäne Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESCORTLBR.DLL Quarantäne Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESCORTENG.DLL Quarantäne Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESCORTAPP.DLL Quarantäne Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\ESCORT.DLL Quarantäne Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Quarantäne Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Quarantäne Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Quarantäne Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{09C554C3-109B-483C-A06B-F14172F1A947} Quarantäne Application.InstallDeal (A) Key: HKEY_USERS\S-1-5-21-2723512163-2963705854-2571069048-1001\SOFTWARE\YAHOOPARTNERTOOLBAR Quarantäne Application.Win32.YTool (A) C:\Users\Philipp\AppData\Roaming\BabSolution Quarantäne Application.AppInstall (A) Key: HKEY_USERS\S-1-5-21-2723512163-2963705854-2571069048-1001\SOFTWARE\SOFTONIC Quarantäne Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2723512163-2963705854-2571069048-1001\SOFTWARE\BABSOLUTION Quarantäne Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\MOVIE2KDOWNLOADER Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Quarantäne Application.AdReg (A) C:\ProgramData\trymedia Quarantäne Application.AppInstall (A) C:\ProgramData\systweak Quarantäne Application.AppInstall (A) C:\ProgramData\babylon Quarantäne Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\thinstall Quarantäne Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\systweak Quarantäne Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\getrighttogo Quarantäne Application.AppInstall (A) C:\Users\Philipp\AppData\Roaming\dvdvideosoftiehelpers Quarantäne Application.AppInstall (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F9EB11AB-9384-4736-9B33-993940F88895} Quarantäne Application.InstallNews (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA} Quarantäne Application.InstallNews (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E4A994B0-5550-4680-A4C6-B9470B888069} Quarantäne Application.InstallNews (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1440EC3-F0FA-407A-B811-DE6668C06D29} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{562B9317-C08A-444A-9482-62080DD851AE} Quarantäne Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{19975B78-1907-4DD6-A437-4C48120F46A4} Quarantäne Application.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983} Quarantäne Application.InstallTool (A) Quarantäne 42 Gelöscht 0 Ich verwende MS Security Essentials und die Windows Firewall und als OS habe ich Vista home Premium. Ich würde mich über einen Lösungsweg freuen.....Danke Philipp