Log analysis and evaluation: win32.gen was detected by Spybot but not by Antivir and Antimalware, cannot be removed (Windows 7)
23.07.2013, 09:32 | #1 |
win32.gen was detected by Spybot but not by Antivir and Antimalware, cannot be removed

Hello, for some time now my laptop has occasionally had problems recognizing some plug-and-play devices, so I checked everything again with Spybot and AVG. Spybot found a win32.downloader.gen in the process but could not remove it. In a panic I then downloaded Malwarebytes Antimalware and Spyware Terminator, but they could not solve the problem either. Unfortunately I have no idea how to create a log file from Spybot, AVG and Spyware Terminator, so for now here are only the other logs you want. I tried to do everything the way you described, but I have surely made a mistake somewhere. I really am no computer expert. I would be very glad if you could help me!!! Thanks in advance.

Malwarebytes-Antimalware Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.18.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Medion :: MEDION-PC [Administrator]

Schutz: Aktiviert

19.07.2013 02:04:35
mbam-log-2013-07-19 (02-04-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 655471
Laufzeit: 3 Stunde(n), 12 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
C:\Users\Finn.Medion-PC\Funmoods\1.5.23.22\escortApp.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Finn.Medion-PC\Funmoods\1.5.23.22\escortEng.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Finn.Medion-PC\Funmoods\1.5.23.22\escorTlbr.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Finn.Medion-PC\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Finn.Medion-PC\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Medion\Downloads\SoftonicDownloader_fuer_vuescan.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Finn.Medion-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Finn.Medion-PC\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Finn.Medion-PC\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Finn.Medion-PC\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Finn.Medion-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ATTFilter OTL logfile created on: 22.07.2013 11:34:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Medion\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 39,86% Memory free 5,87 Gb Paging File | 3,58 Gb Available in Paging File | 61,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 266,99 Gb Total Space | 151,12 Gb Free Space | 56,60% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 22,44 Gb Free Space | 74,80% Space Free | Partition Type: NTFS Drive E: | 625,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.22 11:32:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Downloads\OTL.exe PRC - [2013.07.08 14:32:20 | 000,110,888 | ---- | M] () -- C:\Users\Medion\Qtrax\Player\notification.exe PRC - [2013.06.27 14:22:52 | 002,236,080 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2013.06.27 14:22:52 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe PRC - [2013.06.27 14:22:52 | 000,152,240 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe PRC - [2013.06.18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.06.07 00:57:28 | 000,169,632 | ---- | M] (APN LLC.) -- C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe PRC - [2013.06.07 00:57:19 | 001,541,584 | ---- | M] (APN) -- C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe PRC - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Programme\AVG\AVG2013\avgwdsvc.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.04.04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe PRC - [2013.04.03 03:44:50 | 000,587,912 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe PRC - [2013.04.03 03:44:46 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2013.04.03 03:44:38 | 002,777,736 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe PRC - [2013.03.28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe PRC - [2013.03.18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe PRC - [2013.02.19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.10.25 17:40:08 | 000,032,152 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe PRC - [2012.10.25 17:39:44 | 000,126,872 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe PRC - [2012.10.25 17:39:32 | 000,098,200 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTInk.exe PRC - [2012.10.17 09:42:56 | 005,282,200 | ---- | M] (Joyent, Inc) -- C:\Programme\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe PRC - [2012.10.17 09:41:18 | 000,582,552 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe PRC - [2012.10.17 09:40:42 | 002,219,416 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe PRC - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE PRC - [2012.03.09 09:14:50 | 010,132,336 | ---- | M] (SMART Technologies ULC) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardTools.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) 
-- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.01.20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe PRC - [2010.03.30 07:39:30 | 000,225,382 | ---- | M] (IDT, Inc.) -- c:\Programme\IDT\WDM\stacsv.exe PRC - [2010.03.30 07:39:14 | 000,495,728 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2013.07.14 14:13:15 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll MOD - [2013.07.14 14:12:49 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll MOD - [2013.07.14 14:10:49 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\cb5671235362c8e17b1a1f0b67bfc8d9\UIAutomationTypes.ni.dll MOD - [2013.07.14 14:10:49 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\3f0863816ab6f5fef4e0abb442752b9f\UIAutomationProvider.ni.dll MOD - [2013.07.14 14:10:45 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\faa947d3cf5ddf23a46cf292df004a35\System.EnterpriseServices.ni.dll MOD - [2013.07.14 14:10:45 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\faa947d3cf5ddf23a46cf292df004a35\System.EnterpriseServices.Wrapper.dll MOD - [2013.07.14 14:10:44 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll MOD - [2013.07.14 14:10:43 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll MOD - [2013.07.14 14:10:42 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll MOD - [2013.07.14 14:10:41 | 002,647,552 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll MOD - [2013.07.14 14:10:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll MOD - [2013.07.14 13:41:49 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll MOD - [2013.07.14 13:41:38 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll MOD - [2013.07.14 13:41:28 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll MOD - [2013.07.14 13:41:26 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll MOD - [2013.07.14 13:41:25 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll MOD - [2013.07.14 13:41:13 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll MOD - [2013.07.14 13:41:09 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll MOD - [2013.07.14 13:40:49 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll MOD - [2013.07.14 13:40:46 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll MOD - [2013.07.14 13:40:44 | 009,099,776 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll MOD - [2013.07.14 13:40:34 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll MOD - [2013.07.08 14:32:20 | 000,110,888 | ---- | M] () -- C:\Users\Medion\Qtrax\Player\notification.exe MOD - [2013.06.27 14:22:52 | 002,236,080 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2013.06.27 14:22:52 | 000,521,392 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll MOD - [2013.06.27 14:22:52 | 000,145,072 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll MOD - [2013.06.18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe MOD - [2012.10.17 09:40:30 | 000,030,208 | ---- | M] () -- C:\Programme\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node MOD - [2012.10.17 09:40:24 | 000,454,656 | ---- | M] () -- C:\Programme\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node MOD - [2012.09.28 11:53:54 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll MOD - [2012.09.28 11:53:48 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.23 19:49:18 | 004,110,392 | 
---- | M] () -- C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\pdf.dll MOD - [2011.03.23 19:47:31 | 000,102,472 | ---- | M] () -- C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\avutil-50.dll MOD - [2011.03.23 19:47:29 | 000,194,632 | ---- | M] () -- C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\avformat-52.dll MOD - [2011.03.23 19:47:28 | 001,823,304 | ---- | M] () -- C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\avcodec-52.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2013.07.18 14:52:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.27 14:22:52 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0) SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.07 00:57:28 | 000,169,632 | ---- | M] (APN LLC.) 
[Auto | Running] -- C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.04.03 03:44:50 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.10.17 09:41:18 | 000,582,552 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService) SRV - [2012.09.28 11:53:43 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.07.15 12:35:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2010.03.30 07:39:30 | 000,225,382 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- c:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Start_Pending] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.03.04 09:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2013.06.27 14:22:52 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.03.29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013.03.21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2013.03.01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2013.02.08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013.02.08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2013.02.08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013.02.08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013.02.08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2012.09.19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.03.21 15:26:40 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86) DRV - [2012.03.21 15:26:34 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86) DRV - [2012.03.21 15:26:30 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86) DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.10.09 08:48:36 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.08.31 12:09:00 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.08.07 11:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.07.27 03:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.02.15 12:24:00 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.12.14 08:12:32 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2009.11.18 10:09:16 | 000,421,376 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009.11.06 12:02:38 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32) DRV - [2009.07.20 19:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C6F90025D32F37E3&affID=119357&tt=210713_nt&tsp=4951 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C6F90025D32F37E3&affID=119357&tt=210713_nt&tsp=4951 IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0357424C-98AE-4524-9CFD-248260DD2564}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C6F90025D32F37E3&affID=119357&tt=210713_nt&tsp=4951
IE - HKCU\..\SearchScopes\{718950F7-AE55-48DA-8F41-B703D94FF653}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8C39A798-654B-4DBB-A405-B51541FC5E32}&mid=7d4b16a558d047d6b19ed16f6b5b0cc8-f2b269effa754ae9f58378cbb5609b05236812b2&lang=de&ds=AVG&pr=fr&d=2012-10-10 18:14:44&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=hxxp://de.search.yahoo.com/firefox/?fr=foxload-sfp"
FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=hxxp://de.search.yahoo.com/firefox/?fr=foxload-sfp"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.3.0.11
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.1.20130511125033
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.19.0.3
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.27.3.1
FF - prefs.js..extensions.enabledAddons: toolbar_ORJ-V7%40apn.ask.com:16.49183
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.17 18:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013.06.27 14:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.23 07:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.20 00:22:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.03 15:43:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.17 18:49:19 | 000,000,000 | ---D | M]

[2011.04.14 19:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions
[2011.04.14 19:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.07.22 11:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\s2f3lxl7.default\extensions
[2013.07.19 11:33:30 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
[2013.07.19 00:51:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.07.19 23:38:57 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.19 23:39:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.07.22 11:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\ffxtlbr@babylon.com
[2013.07.22 11:09:04 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\ffxtlbr@delta.com
[2013.06.28 15:54:03 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\foxmarks@kei.com
[2013.07.19 23:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\staged
[2013.06.07 00:58:06 | 000,448,205 | ---- | M] () (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\s2f3lxl7.default\extensions\toolbar_ORJ-V7@apn.ask.com.xpi
[2013.07.19 23:38:57 | 000,671,953 | ---- | M] () (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\s2f3lxl7.default\extensions\webbooster@iminent.com.xpi
[2013.07.22 11:08:31 | 000,006,546 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\s2f3lxl7.default\searchplugins\babylon.xml
[2013.07.22 11:09:10 | 000,001,294 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\s2f3lxl7.default\searchplugins\delta.xml
[2013.07.19 23:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.23 07:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.07.03 17:39:36 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.03 17:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2013.07.03 17:39:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.06.27 14:23:11 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.3.0.11
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2013.05.21 17:57:10 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - homepage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C6F90025D32F37E3&affID=119357&tt=210713_nt&tsp=4951
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0\.bak
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\
CHR - Extension: Read Later Fast = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.8_0\
CHR - Extension: Delta Toolbar = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: DealPly Shopping = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0\
CHR - Extension: Friends Mural for Facebook = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhkjheddgkdhejgollcmdnhmpfagaed\0.9.5_0\
CHR - Extension: Picnik Photo Editor = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.3_0\
CHR - Extension: Autodesk Homestyler = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\1.5_0\
CHR - Extension: AT_KojiNishida = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdhmimpfmefmegcdgmbohplkcbpgpjb\2_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.6.2_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Cooliris = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.2.44674_0\
CHR - Extension: Todo.ly = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0\
CHR - Extension: DVDVideoSoftTB = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.18.20_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Plus-HD-2.3) - {11111111-1111-1111-1111-110311341126} - C:\Programme\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)
O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [sbsdk-server] C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SMART Ink] C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [QtraxNotification] C:\Users\Medion\Qtrax\Player\Notification.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Del2715493] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Del2737973] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del2712997] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del2737957] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Qtrax] C:\Program Files\Microsoft Silverlight\sllauncher.exe 2576143647.portal.qtrax.com File not found
O4 - Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1246FD9E-6FC8-4FDD-A385-0B718CE4076E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.22 11:12:08 | 000,000,000 | ---D | C] -- C:\Users\Medion\Qtrax
[2013.07.22 11:09:23 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Zip Opener Packages
[2013.07.22 11:09:20 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.07.22 11:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.07.22 11:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.07.22 11:08:54 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Delta
[2013.07.22 11:08:38 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\BabSolution
[2013.07.22 11:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Plus-HD-2.3
[2013.07.22 11:08:15 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\DealPly
[2013.07.22 11:08:05 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013.07.22 11:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2013.07.22 11:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2013.07.22 11:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.07.22 11:07:57 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Babylon
[2013.07.22 11:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\OpenIt
[2013.07.22 11:07:50 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\DSite
[2013.07.20 00:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013.07.20 00:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2013.07.20 00:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.07.19 23:53:25 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Conduit
[2013.07.19 01:09:19 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2013.07.19 01:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.19 01:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.19 01:08:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.07.19 01:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.07.19 01:08:20 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Programs
[2013.07.18 17:46:19 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Spyware Terminator
[2013.07.18 17:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.07.18 17:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.07.18 17:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2013.07.13 20:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.07.01 23:52:39 | 000,937,232 | ---- | C] (Crawler.com ) -- C:\Users\Medion\Desktop\SpywareTerminatorSetup.exe
[2013.06.28 15:20:12 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\DriverTuner
[2013.06.22 22:58:10 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Macromedia
[2013.02.20 18:44:23 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
[1 C:\Users\Medion\Desktop\*.tmp files -> C:\Users\Medion\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.22 11:26:15 | 000,000,000 | ---- | M] () -- C:\Users\Medion\defogger_reenable
[2013.07.22 11:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.22 11:09:15 | 000,001,184 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-updater.job
[2013.07.22 11:09:09 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-enabler.job
[2013.07.22 11:08:49 | 000,001,188 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-codedownloader.job
[2013.07.22 11:08:31 | 000,001,808 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-firefoxinstaller.job
[2013.07.22 11:08:27 | 000,001,884 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-chromeinstaller.job
[2013.07.22 11:08:01 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013.07.22 11:07:57 | 000,002,329 | ---- | M] () -- C:\Users\Medion\Desktop\Qtrax Player.lnk
[2013.07.22 11:07:57 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.07.22 10:33:13 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 10:33:13 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 10:24:44 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.07.22 10:24:44 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013.07.22 10:23:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.22 10:23:14 | 2363,125,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.20 08:58:22 | 000,483,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.19 01:08:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.19 01:06:04 | 000,011,692 | ---- | M] () -- C:\Users\Medion\Desktop\Unbenannt.PNG
[2013.07.18 17:46:16 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.07.14 13:33:34 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.14 13:33:34 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.14 13:33:34 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.14 13:33:34 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.01 23:52:40 | 000,937,232 | ---- | M] (Crawler.com ) -- C:\Users\Medion\Desktop\SpywareTerminatorSetup.exe
[2013.06.28 15:53:54 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.27 14:24:10 | 000,003,716 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013.06.27 14:22:52 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[1 C:\Users\Medion\Desktop\*.tmp files -> C:\Users\Medion\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.22 11:26:15 | 000,000,000 | ---- | C] () -- C:\Users\Medion\defogger_reenable
[2013.07.22 11:09:14 | 000,001,184 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-updater.job
[2013.07.22 11:09:05 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-enabler.job
[2013.07.22 11:08:48 | 000,001,188 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-codedownloader.job
[2013.07.22 11:08:31 | 000,001,808 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-firefoxinstaller.job
[2013.07.22 11:08:27 | 000,001,884 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-chromeinstaller.job
[2013.07.22 11:08:01 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013.07.22 11:07:57 | 000,002,359 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
[2013.07.22 11:07:57 | 000,002,329 | ---- | C] () -- C:\Users\Medion\Desktop\Qtrax Player.lnk
[2013.07.22 11:07:57 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.07.19 01:08:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.19 01:06:04 | 000,011,692 | ---- | C] () -- C:\Users\Medion\Desktop\Unbenannt.PNG
[2013.07.18 17:46:19 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2013.07.18 17:46:16 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.06.27 14:22:18 | 000,003,716 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2011.12.26 14:01:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.12.26 14:01:38 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.08.17 18:40:52 | 000,233,484 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.04.21 00:09:24 | 000,010,517 | ---- | C] () -- C:\Users\Medion\.recently-used.xbel
[2011.04.14 22:06:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.14 20:36:31 | 000,000,680 | RHS- | C] () -- C:\Users\Medion\ntuser.pol

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.10 18:16:29 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\AVG2013
[2013.07.22 11:09:00 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\BabSolution
[2013.07.22 11:07:57 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Babylon
[2013.07.22 11:08:15 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DealPly
[2013.07.22 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Delta
[2013.07.22 11:07:50 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DSite
[2013.04.30 09:44:41 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.07.19 23:39:44 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.13 01:47:35 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\go
[2011.04.20 17:53:19 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\gtk-2.0
[2013.02.16 18:13:06 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Lurs-Minimator
[2012.09.11 23:18:49 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\pdfforge
[2011.12.26 14:01:22 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Samsung
[2013.05.15 22:17:24 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\SMART Technologies
[2012.07.28 12:25:28 | 000,000,000 | ---D | M] --
C:\Users\Medion\AppData\Roaming\SMART Technologies Inc [2013.01.03 16:20:06 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\SmartTools [2013.07.18 17:46:19 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Spyware Terminator [2012.06.02 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Telefónica [2011.04.14 19:25:33 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Thunderbird [2012.10.10 18:14:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\TuneUp Software [2013.01.03 01:09:10 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\WEB.DE [2013.07.22 11:09:23 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Zip Opener Packages ========== Purity Check ========== < End of report >
Edited by Mika_80 (23.07.2013 at 09:53). Reason: forgot attachment
23.07.2013, 10:52 | #2 |
/// the machine /// TB-Ausbilder | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
23.07.2013, 11:20 | #3 |
Hello Schrauber,
Thank you very much for your quick reply. I hope you will find the other logs in the attachment. Here are the Farbar files: FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2013 02 (ATTENTION: FRST version is 50 days old) Ran by Medion (administrator) on 23-07-2013 12:11:43 Running from C:\Users\Medion\Desktop Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (IDT, Inc.) c:\program files\idt\wdm\STacSV.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (Teruten) C:\Windows\system32\FsUsbExService.Exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe (Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe (Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe () C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe () C:\Program Files\AVG Secure Search\vprot.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe () C:\Program Files\AVG Secure Search\vprot.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Dropbox, Inc.) C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\Dropbox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe (Farbar) C:\Users\Medion\Desktop\FRST (2).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495728 2010-03-30] (IDT, Inc.) 
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [] [x] HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [2236080 2013-06-27] () HKLM\...\Run: [SMART Board Service] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d [2219416 2012-10-17] (SMART Technologies) HKLM\...\Run: [SMART Board Tools] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe" [10132336 2012-03-09] (SMART Technologies ULC) HKLM\...\Run: [SMART Ink] "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a [98200 2012-10-25] (SMART Technologies) HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [sbsdk-server] "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" [62360 2012-10-17] (SMART Technologies) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [1541584 2013-06-07] (APN) HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) 
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation) HKCU\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.) HKCU\...\Run: [QtraxNotification] C:\Users\Medion\Qtrax\Player\Notification.exe [x] HKU\Finn.Medion-PC\...\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [x] HKU\Finn.Medion-PC\...\Policies\system: [LogonHoursAction] 2 HKU\Finn.Medion-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Miriam II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Medion\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C6F90025D32F37E3&affID=119357&tt=210713_nt&tsp=4951 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com URLSearchHook: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262 HKCU SearchScopes: DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C6F90025D32F37E3&affID=119357&tt=210713_nt&tsp=4951 SearchScopes: HKCU - {718950F7-AE55-48DA-8F41-B703D94FF653} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={8C39A798-654B-4DBB-A405-B51541FC5E32}&mid=7d4b16a558d047d6b19ed16f6b5b0cc8-f2b269effa754ae9f58378cbb5609b05236812b2&lang=de&ds=AVG&pr=fr&d=2012-10-10 18:14:44&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Plus-HD-2.3 - {11111111-1111-1111-1111-110311341126} - C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD) BHO: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: TheSea.TheSeaPlugin - {C585D593-E7F3-4852-A200-561686EE02E4} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU -FreeSoundRecorder Toolbar - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) Toolbar: HKCU -DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File PDF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default FF SearchEngine: Google FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: No Name - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com FF Extension: Delta Toolbar - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\ffxtlbr@delta.com FF Extension: No Name - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\foxmarks@kei.com FF Extension: No Name - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\staged FF Extension: FreeSoundRecorder Community Toolbar - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} FF Extension: Yahoo! Toolbar - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: DVDVideoSoftTB Community Toolbar - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF Extension: No Name - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF Extension: toolbar_ORJ-V7 - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi FF Extension: webbooster - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\webbooster@iminent.com.xpi Chrome: ======= CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C6F90025D32F37E3&affID=119357&tt=210713_nt&tsp=4951 CHR RestoreOnStartup: "urls_to_restore_on_startup": null CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Plugin: 
(Shockwave Flash) - C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\gcswf32.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Chrome PDF Viewer) - C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\pdf.dll () CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\gears.dll (Google Inc.) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0 CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0 CHR Extension: (Read Later Fast) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.8_0 CHR Extension: (Delta Toolbar) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0 CHR Extension: (DealPly Shopping) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.3.0_0 CHR Extension: (Friends Mural for Facebook) - 
C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhkjheddgkdhejgollcmdnhmpfagaed\0.9.5_0
CHR Extension: (Picnik Photo Editor) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.3_0
CHR Extension: (Autodesk Homestyler) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\1.5_0
CHR Extension: (AT_KojiNishida) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdhmimpfmefmegcdgmbohplkcbpgpjb\2_0
CHR Extension: (Rename title) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.6.2_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0
CHR Extension: (Cooliris) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.2.44674_0
CHR Extension: (Todo.ly) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0
CHR Extension: (DVDVideoSoftTB) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.18.20_1

========================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-07] (APN LLC.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-09-28] (Flexera Software, Inc.)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582552 2012-10-17] (SMART Technologies)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com)
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2010-03-30] (IDT, Inc.)
R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-06-27] (AVG Technologies)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2012-03-21] (SMART Technologies ULC)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2012-03-21] (SMART Technologies ULC)
R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2012-03-21] (SMART Technologies ULC)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 uxddrv; \??\E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-23 12:10 - 2013-07-23 12:10 - 00000000 ____D C:\FRST
2013-07-23 12:09 - 2013-07-23 12:10 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (3).exe
2013-07-23 12:09 - 2013-07-23 12:09 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (2).exe
2013-07-23 10:35 - 2013-07-23 10:35 - 00016746 ____A C:\Users\Medion\Desktop\Logfiles.rar
2013-07-22 23:30 - 2013-07-22 23:30 - 00008902 ____A C:\Users\Medion\Desktop\gmer.log
2013-07-22 12:37 - 2013-07-22 12:37 - 00003408 ____N C:\bootsqm.dat
2013-07-22 12:07 - 2013-07-22 12:07 - 00000005 ____A
C:\Users\Medion\AppData\Roaming\WBPU-TTL.DAT 2013-07-22 12:04 - 2013-07-22 12:04 - 00377856 ____A C:\Users\Medion\Desktop\gmer_2.1.19163.exe 2013-07-22 12:01 - 2013-07-22 12:01 - 00131504 ____A C:\Users\Medion\Desktop\OTL.Txt 2013-07-22 12:00 - 2013-07-22 12:00 - 00086788 ____A C:\Users\Medion\Desktop\Extras.Txt 2013-07-22 11:53 - 2013-07-22 11:53 - 00086788 ____A C:\Users\Medion\Downloads\Extras.Txt 2013-07-22 11:52 - 2013-07-22 11:52 - 00131504 ____A C:\Users\Medion\Downloads\OTL.Txt 2013-07-22 11:32 - 2013-07-22 11:32 - 00602112 ____A (OldTimer Tools) C:\Users\Medion\Downloads\OTL.exe 2013-07-22 11:26 - 2013-07-22 11:30 - 00000474 ____A C:\Users\Medion\Downloads\defogger_disable.log 2013-07-22 11:26 - 2013-07-22 11:26 - 00000000 ____A C:\Users\Medion\defogger_reenable 2013-07-22 11:24 - 2013-07-22 11:24 - 00050477 ____A C:\Users\Medion\Downloads\Defogger (1).exe 2013-07-22 11:23 - 2013-07-22 11:23 - 00050477 ____A C:\Users\Medion\Downloads\Defogger.exe 2013-07-22 11:09 - 2013-07-23 11:13 - 00001184 ____A C:\Windows\Tasks\Plus-HD-2.3-updater.job 2013-07-22 11:09 - 2013-07-23 11:13 - 00001088 ____A C:\Windows\Tasks\Plus-HD-2.3-enabler.job 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Zip Opener Packages 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\Program Files\Delta 2013-07-22 11:08 - 2013-07-23 11:13 - 00001884 ____A C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job 2013-07-22 11:08 - 2013-07-23 11:13 - 00001808 ____A C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job 2013-07-22 11:08 - 2013-07-23 11:13 - 00001188 ____A C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job 2013-07-22 11:08 - 2013-07-22 11:09 - 00000000 ____D C:\Program Files\Plus-HD-2.3 2013-07-22 11:08 - 2013-07-22 11:08 - 00001072 ____A C:\Users\Public\Desktop\Open It!.lnk 2013-07-22 11:08 - 2013-07-22 11:08 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Delta 
2013-07-22 11:08 - 2013-07-22 11:08 - 00000000 ____D C:\Users\Medion\AppData\Roaming\DealPly 2013-07-22 11:08 - 2013-07-22 11:08 - 00000000 ____D C:\Program Files\DealPly 2013-07-22 11:07 - 2013-07-23 12:07 - 00000290 ____A C:\Windows\Tasks\DSite.job 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\Users\Medion\AppData\Roaming\DSite 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\ProgramData\Babylon 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\Program Files\OpenIt 2013-07-22 11:06 - 2013-07-22 11:06 - 00793536 ____A C:\Users\Medion\Downloads\ZipOpenerSetup.exe 2013-07-20 00:24 - 2013-07-20 00:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-07-20 00:24 - 2013-07-20 00:24 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-07-20 00:22 - 2013-07-20 00:22 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-20 00:22 - 2013-07-20 00:21 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-07-20 00:22 - 2013-07-20 00:21 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-20 00:22 - 2013-07-20 00:21 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-07-20 00:22 - 2013-07-20 00:21 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-20 00:22 - 2013-07-20 00:21 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-19 23:59 - 2013-07-19 23:59 - 01492584 ____A (Skype Technologies S.A.) 
C:\Users\Medion\Downloads\SkypeSetup(1).exe 2013-07-19 23:56 - 2013-07-19 23:57 - 00903080 ____A (Oracle Corporation) C:\Users\Medion\Downloads\jxpiinstall.exe 2013-07-19 01:09 - 2013-07-19 01:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-19 01:08 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-19 01:02 - 2013-07-19 01:02 - 00393424 ____A (Softonic ) C:\Users\Medion\Downloads\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe 2013-07-18 17:46 - 2013-07-22 19:13 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-18 17:46 - 2013-07-18 17:46 - 00001012 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2013-07-18 17:46 - 2013-07-18 17:46 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Spyware Terminator 2013-07-18 17:46 - 2011-06-21 11:24 - 00032768 ____A C:\Windows\System32\Drivers\sp_rsdrv2.sys 2013-07-18 17:42 - 2013-07-18 17:46 - 00000000 ____D C:\Program Files\Spyware Terminator 2013-07-14 13:30 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 00042496 
____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-14 13:30 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-14 13:30 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-14 13:30 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-13 20:15 - 2013-06-05 05:05 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-13 20:15 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-13 20:15 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-13 20:15 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-07 21:53 - 2013-07-07 21:56 - 69388552 ____A C:\Users\Miriam II\Downloads\Spanisch - Barcelona erleben.wma 2013-07-07 21:52 - 2013-07-07 22:11 - 529175960 ____A C:\Users\Miriam II\Downloads\Tiefer Schmerz.wma 2013-07-07 21:52 - 2013-07-07 21:55 - 60615191 ____A C:\Users\Miriam II\Downloads\Dein Gehirn bist Du!.wma 2013-07-03 17:37 - 2013-07-03 17:38 - 21933464 ____A (Mozilla) C:\Users\Miriam II\Downloads\Firefox Setup 22.0_de.exe 2013-07-01 23:52 - 2013-07-01 23:52 - 00937232 ____A (Crawler.com ) 
C:\Users\Medion\Desktop\SpywareTerminatorSetup.exe 2013-07-01 23:51 - 2013-07-01 23:51 - 00393064 ____A (Softonic ) C:\Users\Miriam II\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe 2013-06-29 23:17 - 2013-07-01 16:41 - 00024129 ____A C:\Users\Miriam II\Documents\Finanzübersicht 2013.xlsx 2013-06-29 22:33 - 2013-06-29 22:33 - 00000000 ____D C:\Users\Miriam II\Documents\2013-06 (Jun) 2013-06-29 18:50 - 2013-06-29 18:50 - 00000851 ____A C:\Users\Miriam II\.recently-used.xbel 2013-06-28 15:20 - 2013-06-28 15:20 - 00000000 ____D C:\Users\Medion\AppData\Local\DriverTuner 2013-06-28 15:18 - 2013-06-28 15:18 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup(1).exe 2013-06-28 15:15 - 2013-06-28 15:15 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup.exe 2013-06-27 17:57 - 2013-06-27 17:58 - 00000000 ____D C:\Users\Miriam II\Documents\Finn 2013-06-27 14:22 - 2013-06-27 14:24 - 00003716 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml ==================== One Month Modified Files and Folders ======== 2013-07-23 12:10 - 2013-07-23 12:10 - 00000000 ____D C:\FRST 2013-07-23 12:10 - 2013-07-23 12:09 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (3).exe 2013-07-23 12:09 - 2013-07-23 12:09 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (2).exe 2013-07-23 12:07 - 2013-07-22 11:07 - 00000290 ____A C:\Windows\Tasks\DSite.job 2013-07-23 12:00 - 2012-08-16 09:21 - 00000000 ____D C:\Users\Miriam II\AppData\Roaming\Dropbox 2013-07-23 11:18 - 2012-03-31 16:56 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 11:17 - 2012-03-31 16:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-07-23 11:17 - 2011-05-18 10:22 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-07-23 11:17 - 2011-04-06 10:32 - 00000000 ____D C:\Users\Medion\AppData\Local\Adobe 2013-07-23 11:14 - 2012-08-16 09:46 - 00000000 ___RD 
C:\Users\Miriam II\Dropbox 2013-07-23 11:13 - 2013-07-22 11:09 - 00001184 ____A C:\Windows\Tasks\Plus-HD-2.3-updater.job 2013-07-23 11:13 - 2013-07-22 11:09 - 00001088 ____A C:\Windows\Tasks\Plus-HD-2.3-enabler.job 2013-07-23 11:13 - 2013-07-22 11:08 - 00001884 ____A C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job 2013-07-23 11:13 - 2013-07-22 11:08 - 00001808 ____A C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job 2013-07-23 11:13 - 2013-07-22 11:08 - 00001188 ____A C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job 2013-07-23 11:13 - 2013-06-06 17:23 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2013-07-23 11:13 - 2013-06-03 21:50 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-07-23 11:05 - 2011-04-14 21:53 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Skype 2013-07-23 11:05 - 2011-04-06 10:28 - 00000000 ____D C:\users\Medion 2013-07-23 11:03 - 2011-04-06 10:26 - 01854573 ____A C:\Windows\WindowsUpdate.log 2013-07-23 10:35 - 2013-07-23 10:35 - 00016746 ____A C:\Users\Medion\Desktop\Logfiles.rar 2013-07-23 09:39 - 2009-07-14 06:34 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 09:39 - 2009-07-14 06:34 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 09:38 - 2011-04-14 17:26 - 00000000 ____D C:\ProgramData\MFAData 2013-07-23 09:31 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-23 09:31 - 2009-07-14 06:39 - 00114247 ____A C:\Windows\setupact.log 2013-07-23 01:01 - 2013-04-30 09:27 - 00000000 ____D C:\Users\Medion\AppData\Local\Deployment 2013-07-22 23:30 - 2013-07-22 23:30 - 00008902 ____A C:\Users\Medion\Desktop\gmer.log 2013-07-22 19:13 - 2013-07-18 17:46 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-22 12:37 - 2013-07-22 12:37 - 00003408 ____N C:\bootsqm.dat 2013-07-22 12:07 - 2013-07-22 12:07 - 00000005 
____A C:\Users\Medion\AppData\Roaming\WBPU-TTL.DAT 2013-07-22 12:04 - 2013-07-22 12:04 - 00377856 ____A C:\Users\Medion\Desktop\gmer_2.1.19163.exe 2013-07-22 12:01 - 2013-07-22 12:01 - 00131504 ____A C:\Users\Medion\Desktop\OTL.Txt 2013-07-22 12:00 - 2013-07-22 12:00 - 00086788 ____A C:\Users\Medion\Desktop\Extras.Txt 2013-07-22 11:53 - 2013-07-22 11:53 - 00086788 ____A C:\Users\Medion\Downloads\Extras.Txt 2013-07-22 11:52 - 2013-07-22 11:52 - 00131504 ____A C:\Users\Medion\Downloads\OTL.Txt 2013-07-22 11:32 - 2013-07-22 11:32 - 00602112 ____A (OldTimer Tools) C:\Users\Medion\Downloads\OTL.exe 2013-07-22 11:30 - 2013-07-22 11:26 - 00000474 ____A C:\Users\Medion\Downloads\defogger_disable.log 2013-07-22 11:26 - 2013-07-22 11:26 - 00000000 ____A C:\Users\Medion\defogger_reenable 2013-07-22 11:24 - 2013-07-22 11:24 - 00050477 ____A C:\Users\Medion\Downloads\Defogger (1).exe 2013-07-22 11:23 - 2013-07-22 11:23 - 00050477 ____A C:\Users\Medion\Downloads\Defogger.exe 2013-07-22 11:11 - 2012-10-10 18:07 - 00000000 ____D C:\Users\Medion\AppData\Local\Avg2013 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Zip Opener Packages 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\Program Files\Delta 2013-07-22 11:09 - 2013-07-22 11:08 - 00000000 ____D C:\Program Files\Plus-HD-2.3 2013-07-22 11:08 - 2013-07-22 11:08 - 00001072 ____A C:\Users\Public\Desktop\Open It!.lnk 2013-07-22 11:08 - 2013-07-22 11:08 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Delta 2013-07-22 11:08 - 2013-07-22 11:08 - 00000000 ____D C:\Users\Medion\AppData\Roaming\DealPly 2013-07-22 11:08 - 2013-07-22 11:08 - 00000000 ____D C:\Program Files\DealPly 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\Users\Medion\AppData\Roaming\DSite 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\ProgramData\Babylon 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\Program 
Files\OpenIt 2013-07-22 11:06 - 2013-07-22 11:06 - 00793536 ____A C:\Users\Medion\Downloads\ZipOpenerSetup.exe 2013-07-22 10:25 - 2011-04-14 19:57 - 00144640 ____A C:\Users\Medion\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-21 20:18 - 2011-08-24 19:26 - 00000000 ____D C:\Users\Miriam II\AppData\Roaming\HpUpdate 2013-07-20 09:24 - 2011-04-26 14:29 - 00144640 ____A C:\Users\Miriam II\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-20 08:58 - 2009-07-14 06:33 - 00483896 ____A C:\Windows\System32\FNTCACHE.DAT 2013-07-20 00:24 - 2013-07-20 00:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-07-20 00:24 - 2013-07-20 00:24 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-07-20 00:22 - 2013-07-20 00:22 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-20 00:21 - 2013-07-20 00:22 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-07-20 00:21 - 2013-07-20 00:22 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-20 00:21 - 2013-07-20 00:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-07-20 00:21 - 2013-07-20 00:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-20 00:21 - 2013-07-20 00:22 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-20 00:21 - 2010-05-05 19:09 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-07-20 00:21 - 2010-05-05 19:09 - 00000000 ____D C:\Program Files\Java 2013-07-20 00:20 - 2010-05-05 17:57 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-20 00:12 - 2011-11-23 18:22 - 00000000 ____D C:\ProgramData\Lernwerkstatt 8 2013-07-19 23:59 - 2013-07-19 23:59 - 01492584 ____A (Skype Technologies S.A.) 
C:\Users\Medion\Downloads\SkypeSetup(1).exe 2013-07-19 23:57 - 2013-07-19 23:56 - 00903080 ____A (Oracle Corporation) C:\Users\Medion\Downloads\jxpiinstall.exe 2013-07-19 23:57 - 2013-05-23 07:26 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-19 23:52 - 2012-02-01 20:14 - 00000000 ____D C:\ProgramData\AVG Secure Search 2013-07-19 22:28 - 2012-11-18 19:32 - 00000000 ____D C:\Users\Finn.Medion-PC\AppData\Roaming\.minecraft 2013-07-19 08:43 - 2010-05-05 19:37 - 00218344 ____A C:\Windows\PFRO.log 2013-07-19 01:09 - 2013-07-19 01:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-19 01:05 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public 2013-07-19 01:02 - 2013-07-19 01:02 - 00393424 ____A (Softonic ) C:\Users\Medion\Downloads\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe 2013-07-18 17:46 - 2013-07-18 17:46 - 00001012 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2013-07-18 17:46 - 2013-07-18 17:46 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Spyware Terminator 2013-07-18 17:46 - 2013-07-18 17:42 - 00000000 ____D C:\Program Files\Spyware Terminator 2013-07-14 14:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-14 13:58 - 2010-05-05 19:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-14 13:57 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-14 13:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-14 13:33 - 2010-05-05 18:08 - 01520734 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-14 13:31 - 2010-05-05 18:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-14 13:27 - 2010-05-05 19:33 - 75699896 ____A 
(Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-07-07 22:11 - 2013-07-07 21:52 - 529175960 ____A C:\Users\Miriam II\Downloads\Tiefer Schmerz.wma 2013-07-07 21:56 - 2013-07-07 21:53 - 69388552 ____A C:\Users\Miriam II\Downloads\Spanisch - Barcelona erleben.wma 2013-07-07 21:55 - 2013-07-07 21:52 - 60615191 ____A C:\Users\Miriam II\Downloads\Dein Gehirn bist Du!.wma 2013-07-05 18:30 - 2012-09-30 20:29 - 00000000 ____D C:\Users\Miriam II\AppData\Local\Deployment 2013-07-04 12:41 - 2012-09-26 17:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-03 17:38 - 2013-07-03 17:37 - 21933464 ____A (Mozilla) C:\Users\Miriam II\Downloads\Firefox Setup 22.0_de.exe 2013-07-01 23:52 - 2013-07-01 23:52 - 00937232 ____A (Crawler.com ) C:\Users\Medion\Desktop\SpywareTerminatorSetup.exe 2013-07-01 23:51 - 2013-07-01 23:51 - 00393064 ____A (Softonic ) C:\Users\Miriam II\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe 2013-07-01 16:41 - 2013-06-29 23:17 - 00024129 ____A C:\Users\Miriam II\Documents\Finanzübersicht 2013.xlsx 2013-07-01 15:01 - 2012-09-11 21:45 - 00000000 ____D C:\Users\Miriam II\Documents\Krankenversicherung 2013-07-01 14:43 - 2011-09-05 21:15 - 00000000 ____D C:\Users\Miriam II\Documents\Eigene Scans 2013-06-29 22:47 - 2011-05-01 22:56 - 00000000 ____D C:\Users\Miriam II\.gimp-2.6 2013-06-29 22:33 - 2013-06-29 22:33 - 00000000 ____D C:\Users\Miriam II\Documents\2013-06 (Jun) 2013-06-29 18:50 - 2013-06-29 18:50 - 00000851 ____A C:\Users\Miriam II\.recently-used.xbel 2013-06-29 18:50 - 2011-04-25 12:50 - 00000000 ____D C:\users\Miriam II 2013-06-29 14:32 - 2011-07-08 21:38 - 00000000 ____D C:\Users\Miriam II\Documents\Kontoauszüge 2013-06-28 16:13 - 2013-05-09 15:30 - 00000000 ____D C:\Program Files\Iminent 2013-06-28 16:05 - 2013-05-14 20:52 - 00000000 ___RD C:\Program Files\Skype 2013-06-28 16:05 - 2011-04-14 21:52 - 00000000 ____D C:\ProgramData\Skype 2013-06-28 15:54 - 2012-06-09 13:21 - 00000000 ____D 
C:\Users\Medion\AppData\Local\AVG Secure Search
2013-06-28 15:53 - 2013-05-09 15:31 - 00000862 ____A C:\Windows\System32\InstallUtil.InstallLog
2013-06-28 15:23 - 2013-05-09 15:32 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
2013-06-28 15:20 - 2013-06-28 15:20 - 00000000 ____D C:\Users\Medion\AppData\Local\DriverTuner
2013-06-28 15:18 - 2013-06-28 15:18 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup(1).exe
2013-06-28 15:15 - 2013-06-28 15:15 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup.exe
2013-06-27 17:58 - 2013-06-27 17:57 - 00000000 ____D C:\Users\Miriam II\Documents\Finn
2013-06-27 17:57 - 2012-09-28 11:18 - 00000000 ____D C:\Users\Miriam II\Documents\car to go
2013-06-27 14:28 - 2012-06-10 13:37 - 00000000 ____D C:\Users\Miriam II\AppData\Local\AVG Secure Search
2013-06-27 14:24 - 2013-06-27 14:22 - 00003716 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-06-27 14:22 - 2012-10-10 18:14 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-06-27 14:22 - 2012-10-10 18:14 - 00000000 ____D C:\Program Files\AVG Secure Search

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-07-13 23:15

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-06-2013 02
Ran by Medion at 2013-07-23 12:13:42 Run:
Running from C:\Users\Medion\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 12.0.1.100)
Audacity 1.2.6
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 13.0.3349)
AVG 2013 (Version: 2013.0.3349)
AVG Security Toolbar (Version: 15.3.0.11)
Avidemux 2.5 (Version: 2.5.4.6714)
B110 (Version: 140.0.283.000)
BF Leselernprogramme 2.0
BF Mathelernprogramme 2.0
Bonjour (Version: 3.0.0.10)
BrowserDefender
BufferChm (Version: 140.0.212.000)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink LabelPrint (Version: 2.5.2602)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDVD Copy (Version: 1.5.1306)
CyberLink YouCam (Version: 3.0.2609)
DealPly (remove only) (Version: 4.8.6.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delta Chrome Toolbar
Delta toolbar (Version: 1.8.21.5)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
Disney/Pixar OBEN (Version: 1.00.0000)
Dragonshard (Version: 1.1.12)
DVDVideoSoftTB Toolbar (Version: 6.8.10.401)
ElsterFormular für Privatanwender (Version: 12.2.1.6570p)
Finger Sensing Pad Driver (Version: 8.5.4.0)
Free Sound Recorder v9.2.7
Free YouTube to MP3 Converter version 3.11.34.1015 (Version: 3.11.34.1015)
FreeSoundRecorder Toolbar (Version: 6.8.2.0)
G DATA Logox4 Speechengine
GameXN GO
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 10.0.648.204)
GPBaseService2 (Version: 140.0.211.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HotPotatoes v 6.3.0.5
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPAppStudio (Version: 140.0.95.000)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
HUAWEI DataCard Driver 4.20.12.00 (Version: 4.20.12.00)
iCF Skin Pack
iCloud (Version: 1.1.0.40)
iColorFolder
IDS Intelligence and Development Scales (Version: 1.0.0.1)
IDT Audio (Version: 1.0.6208.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2302)
Intel(R) Rapid Storage Technology (Version: 9.6.0.1014)
Intel(R) TV Wizard
iTunes (Version: 10.6.3.25)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JDownloader 0.9 (Version: 0.9)
JMicron Flash Media Controller Driver (Version: 1.0.32.1)
Junk Mail filter update (Version: 14.0.8089.726)
Launch Manager V1.5.0.5 (Version: 1.5.0.5)
Lesehaus (Version: 1.00.0000)
Lurs-Minimator (Version: 1.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 140.0.212.000)
Marvell Miniport Driver (Version: 11.24.5.3)
McAfee Security Scan Plus (Version: 3.0.318.3)
Medion Home Cinema (Version: 8.0.1318)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.4 (Version: 2.0.3008.0)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (Version: 14.0.5117.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mobile Connection Manager
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Mozilla Thunderbird 17.0 (x86 de) (Version: 17.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Open It! (Version: 1.1.1)
PC Connectivity Solution (Version: 8.15.0.0)
PDFCreator (Version: 1.5.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Plus-HD-2.3 (Version: 1.27.153.8)
PS_AIO_07_B110_SW_Min (Version: 140.0.142.000)
Qtrax Connection Manager (Version: 20.13.07.02)
Qtrax Player
QuickTime (Version: 7.72.80.56)
QuickTransfer (Version: 140.0.98.000)
REALTEK Wireless LAN Driver (Version: 1.00.0148)
Safari (Version: 5.34.57.2)
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio (Version: 1.00.0000)
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
Scan (Version: 140.0.80.000)
Schreib- und Leselabor 2 (Version: 2.00.0000)
Shop for HP Supplies (Version: 14.0)
simfy (Version: 1.6.10)
Skype™ 6.5 (Version: 6.5.158)
SMART Common Files (Version: 11.1.34.1)
SMART German Language Pack (Version: 11.0.50.1)
SMART Ink (Version: 1.1.233.0)
SMART Notebook (Version: 11.0.705.1)
SMART Product Drivers (Version: 11.0.510.2)
SMART Product Update (Version: 5.0.108.0)
SmartTools Publishing • Word Falz & Lochmarken-Assistent (Version: v6.50)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.214.000)
Spybot - Search & Destroy (Version: 1.6.2)
Spyware Terminator 2012 (Version: 3.0.0.82)
Status (Version: 140.0.256.000)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
The Sea App (Internet Explorer)
TomTom HOME 2.8.3.2499 (Version: 2.8.3.2499)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Zip Opener
VLC media player 1.1.11 (Version: 1.1.11)
WEB.DE Club SmartFax (Version: 2.00.223)
WebReg (Version: 140.0.212.017)
Winamp (Version: 5.622 )
Winamp Erkennungs-Plug-in (Version: 1.0.0.1)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3146.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
WinRAR 4.00 (32-Bit) (Version: 4.00.0)
Zip Opener Packages
Zip Opener Packages 82

==================== Restore Points =========================

02-07-2013 13:32:17 Windows Defender Checkpoint
05-07-2013 08:16:59 Windows Update
13-07-2013 21:22:21 Geplanter Prüfpunkt
14-07-2013 11:20:14 Windows Update
19-07-2013 06:48:40 Windows Update
19-07-2013 21:56:10 Removed Java(TM) 6 Update 29
19-07-2013 22:00:53 Entfernt Lernwerkstatt 8
19-07-2013 22:21:03 Installed Java 7 Update 25
23-07-2013 09:01:49 Windows Update

==================== Faulty Device Manager Devices =============

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================= Application errors: ================== Error: (07/23/2013 11:08:07 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: UPDATE~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x17f4 Startzeit der fehlerhaften Anwendung: 0xUPDATE~1.EXE0 Pfad der fehlerhaften Anwendung: UPDATE~1.EXE1 Pfad des fehlerhaften Moduls: UPDATE~1.EXE2 Berichtskennung: UPDATE~1.EXE3 Error: (07/23/2013 00:46:32 AM) (Source: Application Hang) (User: ) Description: Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 490 Startzeit: 01ce872357fb98d1 Endzeit: 60000 Anwendungspfad: UNKNOWN Berichts-ID: 17131645-f320-11e2-b997-00262dbfe53b Error: (07/22/2013 11:25:52 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (07/22/2013 00:24:17 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 136032 Error: (07/22/2013 00:24:17 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 136032 Error: (07/22/2013 00:24:17 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/22/2013 00:24:16 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 135018 Error: (07/22/2013 00:24:16 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 135018 Error: (07/22/2013 00:24:16 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/22/2013 00:22:02 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 System errors: ============= Error: (07/23/2013 11:17:15 AM) (Source: DCOM) (User: Medion-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Error: (07/23/2013 11:17:06 AM) (Source: DCOM) (User: Medion-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Error: (07/23/2013 11:16:24 AM) (Source: DCOM) (User: Medion-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Error: (07/23/2013 11:16:24 AM) (Source: DCOM) (User: Medion-PC) Description: 
ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Error: (07/23/2013 11:16:23 AM) (Source: DCOM) (User: Medion-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Error: (07/23/2013 11:16:23 AM) (Source: DCOM) (User: Medion-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Error: (07/23/2013 11:16:15 AM) (Source: DCOM) (User: Medion-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Error: (07/23/2013 11:16:14 AM) (Source: DCOM) (User: Medion-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Error: (07/23/2013 11:15:40 AM) (Source: DCOM) (User: Medion-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Error: (07/23/2013 11:15:38 AM) (Source: DCOM) (User: Medion-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Medion-PCMiriam IIS-1-5-21-634998973-2183486359-2024787897-1004LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: 
(07/23/2013 11:08:07 AM) (Source: Application Error)(User: ) Description: UPDATE~1.EXE0.0.0.02a425e19unknown0.0.0.000000000c00000050000000017f401ce878421add904C:\Users\Medion\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXEunknown6338316c-f377-11e2-bd5d-00262dbfe53b Error: (07/23/2013 00:46:32 AM) (Source: Application Hang)(User: ) Description: UNKNOWN0.0.0.049001ce872357fb98d160000UNKNOWN17131645-f320-11e2-b997-00262dbfe53b Error: (07/22/2013 11:25:52 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Common Files\SMART Technologies\Support\dpinst64.exe Error: (07/22/2013 00:24:17 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 136032 Error: (07/22/2013 00:24:17 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 136032 Error: (07/22/2013 00:24:17 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/22/2013 00:24:16 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 135018 Error: (07/22/2013 00:24:16 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 135018 Error: (07/22/2013 00:24:16 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/22/2013 00:22:02 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 CodeIntegrity Errors: =================================== Date: 2013-07-08 01:02:14.997 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-08 01:02:14.717 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:14.447 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:14.177 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:13.907 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:13.637 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:13.367 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:13.097 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-08 01:00:30.441 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:00:30.181 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 71% Total physical RAM: 3004.87 MB Available physical RAM: 843.37 MB Total Pagefile: 6008.03 MB Available Pagefile: 2792.77 MB Total Virtual: 2047.88 MB Available Virtual: 1892.23 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:266.99 GB) (Free:150.82 GB) NTFS Drive d: (Recover) (Fixed) (Total:30 GB) (Free:22.44 GB) NTFS Drive e: (H.Potter_6) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 6256C65D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=267 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
23.07.2013, 12:00 | #4 | |
/// the machine /// TB-Ausbilder | win32.gen was detected by Spybot but not by Antivir and Antimalware, cannot be removed | Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
23.07.2013, 13:19 | #5 |
| win32.gen was detected by Spybot but not by Antivir and Antimalware, cannot be removed | One more silly question. Several users are set up on this computer. Do I have to do this for each user, or is it enough if I do it once as admin? Here is the ComboFix log file Code:
ATTFilter ComboFix 13-07-22.01 - Medion 23.07.2013 13:56:57.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3005.1790 [GMT 2:00] ausgeführt von:: c:\users\Medion\Downloads\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\program files\DealPly\DealPly.crx c:\program files\DealPly\DealPly.xpi c:\program files\DealPly\DealPlyIE.dll c:\program files\DealPly\DealPlyIE64.dll c:\program files\DealPly\DealPlyUpdate.exe c:\program files\DealPly\DealPlyUpdateRun.exe c:\program files\DealPly\DealPlyUpdateVer.exe c:\program files\DealPly\icon.ico c:\program files\DealPly\uninst.exe c:\users\Finn.Medion-PC\AppData\Local\assembly\tmp\1RSB9L0X\__AssemblyInfo__.ini c:\users\Finn.Medion-PC\AppData\Local\assembly\tmp\1RSB9L0X\SBSDKProxyCommon.DLL c:\users\Finn.Medion-PC\AppData\Local\assembly\tmp\QOFP1T7P\__AssemblyInfo__.ini c:\users\Finn.Medion-PC\AppData\Local\assembly\tmp\QOFP1T7P\SMARTInkBase.DLL c:\users\Mika\AppData\Local\lame_enc.dll c:\users\Mika\AppData\Local\no23xwrapper.dll c:\users\Mika\AppData\Local\ogg.dll c:\users\Mika\AppData\Local\vorbis.dll c:\users\Mika\AppData\Local\vorbisenc.dll c:\users\Mika\AppData\Local\vorbisfile.dll c:\users\Miriam II\AppData\Local\assembly\tmp\0AYIKRIA\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\0AYIKRIA\SMARTInk-PowerPoint-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\0LQ3DFO3\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\0LQ3DFO3\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\0VWFCYYK\__AssemblyInfo__.ini c:\users\Miriam 
II\AppData\Local\assembly\tmp\0VWFCYYK\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\0WG1AVES\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\0WG1AVES\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\0YEFIIMO\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\0YEFIIMO\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\28RSSCKC\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\28RSSCKC\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\2L2SBSUU\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\2L2SBSUU\SMARTInkComms.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\39WUKFA7\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\39WUKFA7\SBSDKProxyCommon.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\3KX9C3DU\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\3KX9C3DU\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\41G3LONH\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\41G3LONH\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\4V24DJYK\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\4V24DJYK\SMARTInkBase.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\600CT34U\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\600CT34U\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\64J3XBDE\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\64J3XBDE\SBSDKProxyCommon.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\64VYP3Y2\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\64VYP3Y2\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\7AL0VFN2\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\7AL0VFN2\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\92AEMSJ9\__AssemblyInfo__.ini c:\users\Miriam 
II\AppData\Local\assembly\tmp\92AEMSJ9\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\989SV9VA\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\989SV9VA\PPTToolbar.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\A4MFU6P6\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\A4MFU6P6\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\A6C8FD1L\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\A6C8FD1L\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\A76SGK66\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\A76SGK66\SMARTInkBase.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\B2T0QDTB\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\B2T0QDTB\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\BZRSUYVI\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\BZRSUYVI\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\C2MUYN7K\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\C2MUYN7K\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\CHTW6RGM\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\CHTW6RGM\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\DN3IVCIP\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\DN3IVCIP\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\DS3K55QB\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\DS3K55QB\SMARTInkComms.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\E209QTHE\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\E209QTHE\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\EAOUPX47\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\EAOUPX47\SMARTInkBase.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\EBCL3CZL\__AssemblyInfo__.ini c:\users\Miriam 
II\AppData\Local\assembly\tmp\EBCL3CZL\SBSDKProxyCommon.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\EUMJOTYZ\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\EUMJOTYZ\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\FCL7FZY9\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\FCL7FZY9\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\GWX4OGWE\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\GWX4OGWE\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\HE0B0JPH\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\HE0B0JPH\SMARTInkComms.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\J44IEP0S\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\J44IEP0S\SMARTInkComms.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\JKGGKXX2\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\JKGGKXX2\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\KGS1O1FY\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\KGS1O1FY\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\KTRXH8EP\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\KTRXH8EP\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\KVZS05OE\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\KVZS05OE\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\LRP3K2LE\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\LRP3K2LE\SMARTInkBase.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\MTZ7O4LO\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\MTZ7O4LO\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\NHAHBZ7R\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\NHAHBZ7R\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\NIK6THX3\__AssemblyInfo__.ini c:\users\Miriam 
II\AppData\Local\assembly\tmp\NIK6THX3\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\OW44KZ69\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\OW44KZ69\SMARTInkBase.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\PS54P72A\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\PS54P72A\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\Q1HG9L2A\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\Q1HG9L2A\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\RCXD7NRQ\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\RCXD7NRQ\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\RLXYX1BO\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\RLXYX1BO\SMARTInkBase.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\UNWY11WI\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\UNWY11WI\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\V600DMD9\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\V600DMD9\SMARTInkComms.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\VCG44WU1\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\VCG44WU1\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\VTIP1QTZ\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\VTIP1QTZ\SBSDKProxyCommon.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\WXBV4NEC\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\WXBV4NEC\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\WY8OWIQO\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\WY8OWIQO\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\X70MLXF0\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\X70MLXF0\SMARTInkComms.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\Y7SGKRTV\__AssemblyInfo__.ini c:\users\Miriam 
II\AppData\Local\assembly\tmp\Y7SGKRTV\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\YOH4TL77\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\YOH4TL77\SMARTInkComms.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\Z94AVZ7R\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\Z94AVZ7R\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\ZGG362MD\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\ZGG362MD\SMARTInk-Word-All.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\ZGLJVD9R\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\ZGLJVD9R\SBSDKUtilities.DLL c:\users\Miriam II\AppData\Local\assembly\tmp\ZXT4OJIA\__AssemblyInfo__.ini c:\users\Miriam II\AppData\Local\assembly\tmp\ZXT4OJIA\SMARTInkBase.DLL c:\users\Miriam II\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E215C752-6721-4353-9072-17F5AA5DBB30}.xps c:\users\Miriam II\AppData\Local\Microsoft\Windows\Temporary Internet Files\Kalender.gadget c:\users\Miriam II\AppData\Local\Microsoft\Windows\Temporary Internet Files\todo.scottipages.gadget c:\users\Miriam II\Documents\~WRL1401.tmp c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_BrowserDefendert . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-23 bis 2013-07-23 )))))))))))))))))))))))))))))) . . 2013-07-23 12:07 . 2013-07-23 12:07 -------- d-----w- c:\users\Miriam II\AppData\Local\temp 2013-07-23 12:07 . 2013-07-23 12:07 -------- d-----w- c:\users\Finn\AppData\Local\temp 2013-07-23 12:07 . 2013-07-23 12:07 -------- d-----w- c:\users\Finn.Medion-PC\AppData\Local\temp 2013-07-23 12:07 . 2013-07-23 12:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-23 10:10 . 2013-07-23 10:10 -------- d-----w- C:\FRST 2013-07-23 09:07 . 
2013-07-23 09:07 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F2F7F15-EAD1-4766-B3C3-95830F38F488}\offreg.dll 2013-07-23 09:03 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F2F7F15-EAD1-4766-B3C3-95830F38F488}\mpengine.dll 2013-07-22 09:09 . 2013-07-22 09:09 -------- d-----w- c:\users\Medion\AppData\Roaming\Zip Opener Packages 2013-07-22 09:09 . 2013-07-22 09:09 -------- d-----w- c:\programdata\BrowserDefender 2013-07-22 09:09 . 2013-07-22 09:09 -------- d-----w- c:\program files\Delta 2013-07-22 09:08 . 2013-07-22 09:08 -------- d-----w- c:\users\Medion\AppData\Roaming\Delta 2013-07-22 09:08 . 2013-07-22 09:09 -------- d-----w- c:\program files\Plus-HD-2.3 2013-07-22 09:08 . 2013-07-22 09:08 -------- d-----w- c:\users\Medion\AppData\Roaming\DealPly 2013-07-22 09:07 . 2013-07-22 09:07 -------- d-----w- c:\programdata\Babylon 2013-07-22 09:07 . 2013-07-22 09:07 -------- d-----w- c:\program files\OpenIt 2013-07-22 09:07 . 2013-07-22 09:07 -------- d-----w- c:\users\Medion\AppData\Roaming\DSite 2013-07-19 22:24 . 2013-07-19 22:24 -------- d-----w- c:\programdata\AskPartnerNetwork 2013-07-19 22:24 . 2013-07-19 22:24 -------- d-----w- c:\program files\AskPartnerNetwork 2013-07-19 22:22 . 2013-07-19 22:22 -------- d-----w- c:\program files\Common Files\Java 2013-07-19 22:22 . 2013-07-19 22:21 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-19 22:22 . 2013-07-19 22:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-18 23:09 . 2013-07-18 23:09 -------- d-----w- c:\users\Medion\AppData\Roaming\Malwarebytes 2013-07-18 23:08 . 2013-07-18 23:08 -------- d-----w- c:\programdata\Malwarebytes 2013-07-18 23:08 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-18 23:08 . 2013-07-18 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-18 23:08 . 
2013-07-18 23:08 -------- d-----w- c:\users\Medion\AppData\Local\Programs 2013-07-18 15:46 . 2013-07-23 10:45 -------- d-----w- c:\programdata\Spyware Terminator 2013-07-18 15:46 . 2013-07-18 15:46 -------- d-----w- c:\users\Medion\AppData\Roaming\Spyware Terminator 2013-07-18 15:46 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2013-07-18 15:42 . 2013-07-18 15:46 -------- d-----w- c:\program files\Spyware Terminator 2013-07-13 18:15 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-13 18:15 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-13 18:15 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-13 18:15 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-13 18:15 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-13 18:15 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-13 18:15 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-13 18:15 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-13 18:15 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-13 18:15 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-13 18:15 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-03 15:39 . 2013-06-18 19:10 65536 ----a-w- c:\program files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll 2013-06-28 13:20 . 2013-06-28 13:20 -------- d-----w- c:\users\Medion\AppData\Local\DriverTuner . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-23 09:17 . 2012-03-31 14:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-23 09:17 . 
2011-05-18 08:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-07-19 22:21 . 2010-05-05 17:09 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-27 12:22 . 2012-10-10 16:14 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-05-13 04:45 . 2013-06-11 18:26 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-11 18:26 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-11 18:26 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-11 18:26 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-11 18:26 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-10 03:20 . 2013-06-11 18:26 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38 . 2013-06-11 18:26 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 2013-06-11 18:26 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-06 05:06 . 2013-06-11 18:26 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-02 00:06 . 2010-05-05 17:25 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-26 04:55 . 2013-06-11 18:26 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-04-25 23:30 . 2013-06-11 18:27 1505280 ----a-w- c:\windows\system32\d3d11.dll 2003-03-21 11:45 . 2013-02-20 16:44 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-05-09 176936] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}] . 
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}] 2011-05-09 08:49 176936 ----a-w- c:\program files\FreeSoundRecorder\prxtbFree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-06-27 12:22 3055280 ----a-w- c:\program files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}] 2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-05-09 176936] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll" [2013-06-27 3055280] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{32B29DF0-2237-4370-9A29-37CEBB730E9B}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-05-09 176936] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-03 19603048] "QtraxNotification"="c:\users\Medion\Qtrax\Player\Notification.exe" [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-30 495728] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-06-27 2236080] "SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2012-10-17 2219416] "SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336] "SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2012-10-25 98200] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368] "sbsdk-server"="c:\program files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" [2012-10-17 62360] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568] "SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736] "SpywareTerminatorUpdater"="c:\program files\Spyware 
Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-06-06 1541584] . c:\users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE /TrayOnly [2012-9-20 30785672] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2012-02-23 09:38 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2009-11-02 12:21 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp] 2009-08-19 13:42 192000 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrVolOSD] 2009-07-07 08:44 343552 ----a-w- c:\program files\Launch Manager\OSD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton] 2009-08-05 14:08 413696 ----a-w- c:\program files\Launch Manager\WButton.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-10-26 18:48 74752 ----a-w- c:\program files\Winamp\winampa.exe . R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-05-13 4937264] R2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 83168] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 208896] R3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-11-06 42496] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile 
Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 181344] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTGER32\2PART\uxddrv86.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-15 1343400] R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-03-04 113152] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-02-08 60216] S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-02-08 245048] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-02-08 39224] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-03-29 208184] S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-02-08 170808] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-06-27 37664] S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-06-06 169632] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' 
Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 SMARTHelperService;SMART Helper Service;c:\program files\SMART Technologies\Education Software\SMARTHelperService.exe [2012-10-17 582552] S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2013-04-03 587912] S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-09-29 200624] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592] S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-06-27 1598128] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-10-09 72576] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 116136] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184] S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2012-03-21 11632] S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2012-03-21 14704] S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2012-03-21 21872] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-02-15 322336] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - FSUSBEXDISK . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:17] . 2013-07-23 c:\windows\Tasks\Plus-HD-2.3-chromeinstaller.job - c:\program files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-07-22 09:08] . 2013-07-23 c:\windows\Tasks\Plus-HD-2.3-codedownloader.job - c:\program files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-07-22 09:08] . 2013-07-23 c:\windows\Tasks\Plus-HD-2.3-enabler.job - c:\program files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-07-22 09:09] . 2013-07-23 c:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job - c:\program files\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-22 09:08] . 2013-07-23 c:\windows\Tasks\Plus-HD-2.3-updater.job - c:\program files\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-07-22 09:09] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C6F90025D32F37E3&affID=119357&tt=210713_nt&tsp=4951 uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.1.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll FF - ProfilePath - c:\users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q= FF - ExtSQL: 2013-06-07 00:58; toolbar_ORJ-V7@apn.ask.com; c:\users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\toolbar_ORJ-V7@apn.ask.com.xpi FF - ExtSQL: 2013-07-22 11:09; ffxtlbr@delta.com; c:\users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\ffxtlbr@delta.com FF - ExtSQL: !HIDDEN! 
2011-08-17 18:49; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - c6f9f0ad0000000000000025d32f37e3 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15908 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.511:09 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - de FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=210713_nt&tsp=4951 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) SafeBoot-BsScanner AddRemove-1489-3350-5074-6281 - c:\program files\JDownloader\JDUninstall.exe AddRemove-DealPly - c:\program files\DealPly\uninst.exe AddRemove-Delta Chrome Toolbar - c:\users\Medion\AppData\Roaming\BabSolution\Shared\GUninstaller.exe AddRemove-Qtrax Connection Manager - c:\users\Medion\Qtrax\Player\uninstallnotification.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-23 14:09:54 ComboFix-quarantined-files.txt 2013-07-23 12:09 . Vor Suchlauf: 12 Verzeichnis(se), 168.513.912.832 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 168.455.909.376 Bytes frei . - - End Of File - - 7D470DEB86692D460BE7F6D76447F348 2E0FE7FC299470E30383716B164CF901 |
23.07.2013, 14:09 | #6 |
/// the machine /// TB-Ausbilder | Admin is enough. Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
23.07.2013, 20:40 | #7 |
| Good evening, here are the files: AdwCleaner: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 23/07/2013 um 21:03:50 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Medion - MEDION-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Medion\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : APNMCP ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\Users\Finn.Medion-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0qtp94bs.default\searchplugins\funmoods.xml Datei Gelöscht : C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Datei Gelöscht : C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage Datei Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\bprotector_prefs.js Datei Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\webbooster@iminent.com.xpi Datei Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\searchplugins\Babylon.xml Datei Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\searchplugins\delta.xml Datei Gelöscht : C:\Users\Miriam II\AppData\Roaming\Mozilla\Firefox\Profiles\xrnq0niu.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Windows\tasks\Plus-HD-2.3-chromeinstaller.job Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.3-enabler.job Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.3-updater.job Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search Gelöscht mit Neustart : 
C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo Gelöscht mit Neustart : C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo Ordner Gelöscht : C:\Program Files\AskPartnerNetwork Ordner Gelöscht : C:\Program Files\AVG Secure Search Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\delta Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB Ordner Gelöscht : C:\Program Files\FreeSoundRecorder Ordner Gelöscht : C:\Program Files\Iminent Ordner Gelöscht : C:\Program Files\Plus-HD-2.3 Ordner Gelöscht : C:\ProgramData\APN Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork Ordner Gelöscht : C:\ProgramData\AVG Secure Search Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BrowserDefender Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\Local\AVG Secure Search Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\LocalLow\FreeSoundRecorder Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\Roaming\Funmoods Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\Roaming\Iminent Ordner Gelöscht : C:\Users\Finn.Medion-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0qtp94bs.default\extensions\ffxtlbr@funmoods.com Ordner Gelöscht : C:\Users\Finn.Medion-PC\Funmoods Ordner Gelöscht : C:\Users\Medion\AppData\Local\AVG Secure Search Ordner Gelöscht : C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Ordner Gelöscht : C:\Users\Medion\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma Ordner Gelöscht : C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Ordner Gelöscht : C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo Ordner Gelöscht : C:\Users\Medion\AppData\Local\Temp\APN Ordner Gelöscht : C:\Users\Medion\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : C:\Users\Medion\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Medion\AppData\LocalLow\DVDVideoSoftTB Ordner Gelöscht : C:\Users\Medion\AppData\LocalLow\FreeSoundRecorder Ordner Gelöscht : C:\Users\Medion\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\DealPly Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\delta Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\DSite Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\ConduitCommon Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\CT2269050 Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\ffxtlbr@delta.com Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\extensions\staged Ordner Gelöscht : C:\Users\Medion\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\Miriam 
II\AppData\Local\AVG Secure Search Ordner Gelöscht : C:\Users\Miriam II\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : C:\Users\Miriam II\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Miriam II\AppData\LocalLow\DVDVideoSoftTB Ordner Gelöscht : C:\Users\Miriam II\AppData\LocalLow\FreeSoundRecorder Ordner Gelöscht : C:\Users\Miriam II\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\Miriam II\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Miriam II\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\Miriam II\AppData\Roaming\Iminent Ordner Gelöscht : C:\Users\Miriam II\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\8088d0e23cbd15 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FreeSoundRecorder Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\delta LTD Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32B29DF0-2237-4370-9A29-37CEBB730E9B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32B29DF0-2237-4370-9A29-37CEBB730E9B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5812E8F-0E16-4C65-88F7-492D36174CB2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\8088d0e23cbd15 Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5812E8F-0E16-4C65-88F7-492D36174CB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel 
Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2704262 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DealPly Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKLM\Software\FreeSoundRecorder Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Schlüssel Gelöscht : 
HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\Software\InstallIQ Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D00B792-2B7A-4D51-93E5-AFB3A29D08C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FE6C234-967B-4F8B-9599-6E2072202506} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB0BF642-2E62-4CE1-A470-31FF0E09875E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3E583A9-CFA5-478F-834D-BC954108BC67} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32B29DF0-2237-4370-9A29-37CEBB730E9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5812E8F-0E16-4C65-88F7-492D36174CB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gelöscht : HKLM\SOFTWARE\Software Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32B29DF0-2237-4370-9A29-37CEBB730E9B}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32B29DF0-2237-4370-9A29-37CEBB730E9B}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C6F90025D32F37E3&affID=119357&tt=210713_nt&tsp=4951 --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\prefs.js C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\user.js ... Gelöscht ! Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false); Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_130100683276316706", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true); Gelöscht : user_pref("CT2269050.CTID", "CT2269050"); Gelöscht : user_pref("CT2269050.CurrentServerDate", "23-7-2013"); Gelöscht : user_pref("CT2269050.DSInstall", false); Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Fri Jul 19 2013 23:39:23 GMT+0200"); Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Tue Jul 23 2013 11:07:12 GMT+0200"); Gelöscht : user_pref("CT2269050.FirstServerDate", "13-5-2012"); Gelöscht : 
user_pref("CT2269050.FirstTime", true); Gelöscht : user_pref("CT2269050.FirstTimeFF3", true); Gelöscht : user_pref("CT2269050.FirstTimeHiddenVer", true); Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2269050.HPInstall", false); Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true); Gelöscht : user_pref("CT2269050.HomePageProtectorEnabled", false); Gelöscht : user_pref("CT2269050.HomepageBeforeUnload", "data:text/plain,browser.startup.homepage=hxxp://de.sear[...] Gelöscht : user_pref("CT2269050.Initialize", true); Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2269050.InstallationId", "ConduitNSISIntegration"); Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration"); Gelöscht : user_pref("CT2269050.InstalledDate", "Sun May 13 2012 12:58:04 GMT+0200"); Gelöscht : user_pref("CT2269050.InvalidateCache", false); Gelöscht : user_pref("CT2269050.IsAlertDBUpdated", true); Gelöscht : user_pref("CT2269050.IsGrouping", false); Gelöscht : user_pref("CT2269050.IsInitSetupIni", true); Gelöscht : user_pref("CT2269050.IsMulticommunity", false); Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", true); Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Jul 22 2013 23:52:37 GMT+0200"); Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Sat Jun 02 2012 18:44:45 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.19.0.3", "Tue Jul 23 2013 11:07:15 GMT+0200"); Gelöscht : user_pref("CT2269050.LatestVersion", "3.19.0.3"); Gelöscht : user_pref("CT2269050.Locale", "en"); Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true); Gelöscht : user_pref("CT2269050.OriginalFirstVersion", "3.12.2.3"); Gelöscht : user_pref("CT2269050.RadioIsPodcast", false); Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Mon Jul 22 2013 23:52:35 GMT+0200"); Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383"); Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gelöscht : user_pref("CT2269050.RadioShrinkedFromSetup", false); Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gelöscht : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search"); Gelöscht : user_pref("CT2269050.SearchEngineBeforeUnload", "AVG Secure Search"); Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] 
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Jul 22 2013 23:52:31 GMT+0200"); Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2269050.SearchProtectorEnabled", false); Gelöscht : user_pref("CT2269050.SearchProtectorToolbarDisabled", false); Gelöscht : user_pref("CT2269050.SendProtectorDataViaLogin", true); Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Mon Jul 22 2013 23:52:36 GMT+0200"); Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Tue Jul 23 2013 11:07:11 GMT+0200"); Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1374567152"); Gelöscht : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Jul 19 2013 23:39:10 GMT+0200"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997"); Gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false); Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Gelöscht : user_pref("CT2269050.UserID", "UN68148791335113573"); Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 0); Gelöscht : user_pref("CT2269050.WeatherNetwork", ""); Gelöscht : user_pref("CT2269050.WeatherPollDate", "Tue Jul 23 2013 11:07:13 GMT+0200"); Gelöscht : user_pref("CT2269050.WeatherUnit", "C"); Gelöscht : user_pref("CT2269050.alertChannelId", "666138"); Gelöscht : user_pref("CT2269050.autoDisableScopes", 0); Gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...] 
Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Fri Jul 19 2013 23:39:23 GMT+0200"); Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT2269050.initDone", true); Gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", false); Gelöscht : user_pref("CT2269050.isFirstRadioInstallation", false); Gelöscht : user_pref("CT2269050.myStuffEnabled", true); Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2269050.navigateToUrlOnSearch", false); Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true); Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT2269050.testingCtid", ""); Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Mon Jul 22 2013 23:52:37 GMT+0200"); Gelöscht : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Fri Jul 19 2013 23:39:23 GMT+0200"); Gelöscht : user_pref("CT2269050.usagesFlag", 1); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://newtab.conduit-hosting.com/newtab/?ctid=CT2269050", "\"c1e\"[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx?curre[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"9d1[...] Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Medion\\AppData\\Roaming\\Mozilla\\[...] Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.19.0.3"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?fr=gre[...] 
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "ef288a2c-6a3b-4500-8b77-71d6509130ee"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jul 19 2013 23:40:2[...] Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", false); Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 22 2013 23:52:36 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.notifications.userId", "12863f7f-5d0a-43f3-bbfb-589192186c35"); Gelöscht : user_pref("CommunityToolbar.originalHomepage", "data:text/plain,browser.startup.homepage=hxxp://de.s[...] Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "AVG Secure Search"); Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.3.0.11")[...] 
Gelöscht : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Gelöscht : user_pref("extensions.ORJ-V7.domain", "\"www.search.ask.com\"");
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.bbDpng", "23");
Gelöscht : user_pref("extensions.delta.cntry", "DE");
Gelöscht : user_pref("extensions.delta.dfltLng", "de");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.hdrMd5", "75D001988361C90E8BAAB1BF2898B321");
Gelöscht : user_pref("extensions.delta.id", "c6f9f0ad0000000000000025d32f37e3");
Gelöscht : user_pref("extensions.delta.instlDay", "15908");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.511:09:05");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.sg", "azb");
Gelöscht : user_pref("extensions.delta.smplGrp", "azb");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.511:09:05");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=210713_nt&tsp=4951");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Gelöscht : user_pref("extensions.enabledAddons", "%7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10,foxmarks%40[...]
Gelöscht : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=[...]

Datei : C:\Users\Finn.Medion-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0qtp94bs.default\prefs.js

C:\Users\Finn.Medion-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0qtp94bs.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.3.0.11")[...]
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr%40funmoods.com:1.5.1,%7B635abd67-4fe9-1b23-4f01-e679f[...]
Gelöscht : user_pref("extensions.funmoods.aflt", "ironpub12");
Gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Gelöscht : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Gelöscht : user_pref("extensions.funmoods.cntry", "DE");
Gelöscht : user_pref("extensions.funmoods.cv", "cv5");
Gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Gelöscht : user_pref("extensions.funmoods.dfltlng", "en");
Gelöscht : user_pref("extensions.funmoods.dfltsrch", true);
Gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Gelöscht : user_pref("extensions.funmoods.fmupdtFirst", false);
Gelöscht : user_pref("extensions.funmoods.hdrMd5", "73AD3E4D9F63A752C4C282E67C05FDEB");
Gelöscht : user_pref("extensions.funmoods.hmpg", true);
Gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd[...]
Gelöscht : user_pref("extensions.funmoods.hrdid", "00262DBFE53BF0AD");
Gelöscht : user_pref("extensions.funmoods.id", "00262DBFE53BF0AD");
Gelöscht : user_pref("extensions.funmoods.instlDay", "15722");
Gelöscht : user_pref("extensions.funmoods.instlRef", "ironpub12");
Gelöscht : user_pref("extensions.funmoods.instlday", "15722");
Gelöscht : user_pref("extensions.funmoods.instlref", "ironpub12");
Gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.funmoods.keywordurl", "");
Gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2215:51:23");
Gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.funmoods.monitorreport", true);
Gelöscht : user_pref("extensions.funmoods.newTab", true);
Gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub12&ir=ironpub12&[...]
Gelöscht : user_pref("extensions.funmoods.newtab", true);
Gelöscht : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=ironpub12&ir=ironpub12&[...]
Gelöscht : user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"201\",\"lastVrsn\":\"201\",\"vrsnLoad\":\"[...]
Gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrid", "funmoods");
Gelöscht : user_pref("extensions.funmoods.savedVrsnTs", "1");
Gelöscht : user_pref("extensions.funmoods.sg", "none");
Gelöscht : user_pref("extensions.funmoods.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods.smplgrp", "none");
Gelöscht : user_pref("extensions.funmoods.srch", "");
Gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Gelöscht : user_pref("extensions.funmoods.srchprvdr", "Funmoods");
Gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub12&ir=ironpub1[...]
Gelöscht : user_pref("extensions.funmoods.tlbrid", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=ironpub12&ir=ironpub1[...]
Gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2215:51:23");
Gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsnts", "1.5.23.2215:51:23");
Gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:51:23");
Gelöscht : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={8C39A798-654B-4DBB-A405-B51541FC5E32}&m[...]

Datei : C:\Users\Miriam II\AppData\Roaming\Mozilla\Firefox\Profiles\xrnq0niu.default\prefs.js

Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.3.0.11")[...]
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);

-\\ Google Chrome v10.0.648.204

Datei : C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.7] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C6F90025D32F37E3&affID=119357&t[...]

*************************

AdwCleaner[R1].txt - [60042 octets] - [23/07/2013 20:59:20]
AdwCleaner[S1].txt - [57658 octets] - [23/07/2013 21:03:50]

########## EOF - C:\AdwCleaner[S1].txt - [57719 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x86
Ran by Medion on 23.07.2013 at 21:22:01,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322342226}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ FireFox

Successfully deleted the following from C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\s2f3lxl7.default\prefs.js

user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n /************************************************************
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "140085ea73546db327701a59d8e159f9");
user_pref("iminent.webbooster.scripts.minibar.FavLinkSplitTestingClass", "v1");
user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1374187903436");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1374188492435");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1374273201694");
user_pref("iminent.webbooster.scripts.sslminibar.FavLinkSplitTestingClass", "v2");
user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.sslminibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1374188488702");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1374272982299");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1374272982310");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1374272983010");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1374272982320");
Emptied folder: C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\s2f3lxl7.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at 21:25:28,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2013 02 (ATTENTION: FRST version is 50 days old)
Ran by Medion (administrator) on 23-07-2013 21:29:45
Running from C:\Users\Medion\Desktop
Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(IDT, Inc.) c:\program files\idt\wdm\STacSV.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
(Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Farbar) C:\Users\Medion\Desktop\FRST (2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495728 2010-03-30] (IDT, Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [SMART Board Service] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d [2219416 2012-10-17] (SMART Technologies)
HKLM\...\Run: [SMART Board Tools] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe" [10132336 2012-03-09] (SMART Technologies ULC)
HKLM\...\Run: [SMART Ink] "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a [98200 2012-10-25] (SMART Technologies)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [sbsdk-server] "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" [62360 2012-10-17] (SMART Technologies)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [QtraxNotification] C:\Users\Medion\Qtrax\Player\Notification.exe [x]
HKU\Finn.Medion-PC\...\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [x]
HKU\Finn.Medion-PC\...\Policies\system: [LogonHoursAction] 2
HKU\Finn.Medion-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Miriam II\...\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [x]
HKU\Miriam II\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Miriam II\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s [ 2012-01-23] (TomTom)
HKU\Miriam II\...\Policies\system: [LogonHoursAction] 2
HKU\Miriam II\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {718950F7-AE55-48DA-8F41-B703D94FF653} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
PDF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default
FF SearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: No Name - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\foxmarks@kei.com
FF Extension: Yahoo! Toolbar - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: toolbar_ORJ-V7 - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\gears.dll (Google Inc.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0
CHR Extension: (Read Later Fast) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.8_0
CHR Extension: (Friends Mural for Facebook) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhkjheddgkdhejgollcmdnhmpfagaed\0.9.5_0
CHR Extension: (Picnik Photo Editor) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.3_0
CHR Extension: (Autodesk Homestyler) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\1.5_0
CHR Extension: (AT_KojiNishida) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdhmimpfmefmegcdgmbohplkcbpgpjb\2_0
CHR Extension: (Rename title) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.6.2_0
CHR Extension: (Cooliris) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.2.44674_0
CHR Extension: (Todo.ly) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-09-28] (Flexera Software, Inc.) S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582552 2012-10-17] (SMART Technologies) R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com) R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2010-03-30] (IDT, Inc.) R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D) R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search) S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-06-27] (AVG Technologies) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2012-03-21] (SMART Technologies ULC) R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2012-03-21] (SMART Technologies ULC) R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2012-03-21] (SMART Technologies ULC) R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) S3 catchme; \??\C:\Users\Medion\AppData\Local\Temp\catchme.sys [x] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x] S3 uxddrv; \??\E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-23 21:25 - 2013-07-23 21:25 - 00007346 ____A C:\Users\Medion\Desktop\JRT.txt 2013-07-23 21:21 - 2013-07-23 21:21 - 00000000 ____D C:\Windows\ERUNT 2013-07-23 21:13 - 2013-07-23 21:13 - 00057789 ____A C:\Users\Medion\Desktop\AdwCleaner[S1].txt 2013-07-23 21:04 - 2013-07-23 21:06 - 00000357 ____A C:\Windows\DeleteOnReboot.bat 2013-07-23 21:03 - 2013-07-23 21:06 - 00057789 ____A C:\AdwCleaner[S1].txt 2013-07-23 20:59 - 2013-07-23 20:59 - 00060042 ____A C:\AdwCleaner[R1].txt 2013-07-23 20:44 - 2013-07-23 20:44 - 00560934 
____A (Oleg N. Scherbakov) C:\Users\Medion\Desktop\JRT.exe 2013-07-23 20:42 - 2013-07-23 20:42 - 00666633 ____A C:\Users\Medion\Desktop\adwcleaner.exe 2013-07-23 14:09 - 2013-07-23 14:09 - 00036299 ____A C:\ComboFix.txt 2013-07-23 13:13 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-07-23 13:13 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-07-23 13:13 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-07-23 13:07 - 2013-07-23 14:09 - 00000000 ____D C:\Qoobox 2013-07-23 13:07 - 2013-07-23 13:07 - 00001146 ____A C:\Users\Medion\Desktop\ComboFix - Verknüpfung.lnk 2013-07-23 13:06 - 2013-07-23 13:45 - 00000000 ____D C:\Windows\erdnt 2013-07-23 13:05 - 2013-07-23 13:06 - 05091940 ____R (Swearware) C:\Users\Medion\Downloads\ComboFix.exe 2013-07-23 12:13 - 2013-07-23 12:14 - 00023373 ____A C:\Users\Medion\Desktop\Addition.txt 2013-07-23 12:10 - 2013-07-23 12:10 - 00000000 ____D C:\FRST 2013-07-23 12:09 - 2013-07-23 12:10 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (3).exe 2013-07-23 12:09 - 2013-07-23 12:09 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (2).exe 2013-07-23 10:35 - 2013-07-23 10:35 - 00016746 ____A C:\Users\Medion\Desktop\Logfiles.rar 2013-07-22 23:30 - 2013-07-22 23:30 - 00008902 ____A C:\Users\Medion\Desktop\gmer.log 2013-07-22 12:37 - 2013-07-22 12:37 - 00003408 ____N C:\bootsqm.dat 2013-07-22 12:07 - 2013-07-22 12:07 - 00000005 ____A C:\Users\Medion\AppData\Roaming\WBPU-TTL.DAT 2013-07-22 12:04 - 2013-07-22 12:04 - 00377856 ____A C:\Users\Medion\Desktop\gmer_2.1.19163.exe 2013-07-22 12:01 - 2013-07-22 
12:01 - 00131504 ____A C:\Users\Medion\Desktop\OTL.Txt 2013-07-22 12:00 - 2013-07-22 12:00 - 00086788 ____A C:\Users\Medion\Desktop\Extras.Txt 2013-07-22 11:53 - 2013-07-22 11:53 - 00086788 ____A C:\Users\Medion\Downloads\Extras.Txt 2013-07-22 11:52 - 2013-07-22 11:52 - 00131504 ____A C:\Users\Medion\Downloads\OTL.Txt 2013-07-22 11:32 - 2013-07-22 11:32 - 00602112 ____A (OldTimer Tools) C:\Users\Medion\Downloads\OTL.exe 2013-07-22 11:26 - 2013-07-22 11:30 - 00000474 ____A C:\Users\Medion\Downloads\defogger_disable.log 2013-07-22 11:26 - 2013-07-22 11:26 - 00000000 ____A C:\Users\Medion\defogger_reenable 2013-07-22 11:24 - 2013-07-22 11:24 - 00050477 ____A C:\Users\Medion\Downloads\Defogger (1).exe 2013-07-22 11:23 - 2013-07-22 11:23 - 00050477 ____A C:\Users\Medion\Downloads\Defogger.exe 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Zip Opener Packages 2013-07-22 11:08 - 2013-07-22 11:08 - 00001072 ____A C:\Users\Public\Desktop\Open It!.lnk 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\Program Files\OpenIt 2013-07-22 11:06 - 2013-07-22 11:06 - 00793536 ____A C:\Users\Medion\Downloads\ZipOpenerSetup.exe 2013-07-20 00:22 - 2013-07-20 00:22 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-20 00:22 - 2013-07-20 00:21 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-07-20 00:22 - 2013-07-20 00:21 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-20 00:22 - 2013-07-20 00:21 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-07-20 00:22 - 2013-07-20 00:21 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-20 00:22 - 2013-07-20 00:21 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-19 23:59 - 2013-07-19 23:59 - 01492584 ____A (Skype Technologies S.A.) 
C:\Users\Medion\Downloads\SkypeSetup(1).exe 2013-07-19 23:56 - 2013-07-19 23:57 - 00903080 ____A (Oracle Corporation) C:\Users\Medion\Downloads\jxpiinstall.exe 2013-07-19 01:09 - 2013-07-19 01:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-19 01:08 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-19 01:02 - 2013-07-19 01:02 - 00393424 ____A (Softonic ) C:\Users\Medion\Downloads\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe 2013-07-18 17:46 - 2013-07-23 12:45 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-18 17:46 - 2013-07-18 17:46 - 00001012 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2013-07-18 17:46 - 2013-07-18 17:46 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Spyware Terminator 2013-07-18 17:46 - 2011-06-21 11:24 - 00032768 ____A C:\Windows\System32\Drivers\sp_rsdrv2.sys 2013-07-18 17:42 - 2013-07-18 17:46 - 00000000 ____D C:\Program Files\Spyware Terminator 2013-07-14 13:30 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 00042496 
____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-14 13:30 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-14 13:30 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-14 13:30 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-13 20:15 - 2013-06-05 05:05 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-13 20:15 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-13 20:15 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-13 20:15 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-07 21:53 - 2013-07-07 21:56 - 69388552 ____A C:\Users\Miriam II\Downloads\Spanisch - Barcelona erleben.wma 2013-07-07 21:52 - 2013-07-07 22:11 - 529175960 ____A C:\Users\Miriam II\Downloads\Tiefer Schmerz.wma 2013-07-07 21:52 - 2013-07-07 21:55 - 60615191 ____A C:\Users\Miriam II\Downloads\Dein Gehirn bist Du!.wma 2013-07-03 17:37 - 2013-07-03 17:38 - 21933464 ____A (Mozilla) C:\Users\Miriam II\Downloads\Firefox Setup 22.0_de.exe 2013-07-01 23:52 - 2013-07-01 23:52 - 00937232 ____A (Crawler.com ) 
C:\Users\Medion\Desktop\SpywareTerminatorSetup.exe 2013-07-01 23:51 - 2013-07-01 23:51 - 00393064 ____A (Softonic ) C:\Users\Miriam II\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe 2013-06-29 23:17 - 2013-07-01 16:41 - 00024129 ____A C:\Users\Miriam II\Documents\Finanzübersicht 2013.xlsx 2013-06-29 22:33 - 2013-06-29 22:33 - 00000000 ____D C:\Users\Miriam II\Documents\2013-06 (Jun) 2013-06-29 18:50 - 2013-06-29 18:50 - 00000851 ____A C:\Users\Miriam II\.recently-used.xbel 2013-06-28 15:20 - 2013-06-28 15:20 - 00000000 ____D C:\Users\Medion\AppData\Local\DriverTuner 2013-06-28 15:18 - 2013-06-28 15:18 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup(1).exe 2013-06-28 15:15 - 2013-06-28 15:15 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup.exe 2013-06-27 17:57 - 2013-06-27 17:58 - 00000000 ____D C:\Users\Miriam II\Documents\Finn 2013-06-27 14:22 - 2013-06-27 14:24 - 00003716 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml ==================== One Month Modified Files and Folders ======== 2013-07-23 21:25 - 2013-07-23 21:25 - 00007346 ____A C:\Users\Medion\Desktop\JRT.txt 2013-07-23 21:21 - 2013-07-23 21:21 - 00000000 ____D C:\Windows\ERUNT 2013-07-23 21:18 - 2012-03-31 16:56 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 21:18 - 2009-07-14 06:34 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 21:18 - 2009-07-14 06:34 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 21:13 - 2013-07-23 21:13 - 00057789 ____A C:\Users\Medion\Desktop\AdwCleaner[S1].txt 2013-07-23 21:13 - 2011-04-14 21:53 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Skype 2013-07-23 21:11 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-23 21:11 - 2009-07-14 06:39 - 00114527 ____A C:\Windows\setupact.log 2013-07-23 21:09 - 
2011-04-06 10:26 - 01896056 ____A C:\Windows\WindowsUpdate.log 2013-07-23 21:06 - 2013-07-23 21:04 - 00000357 ____A C:\Windows\DeleteOnReboot.bat 2013-07-23 21:06 - 2013-07-23 21:03 - 00057789 ____A C:\AdwCleaner[S1].txt 2013-07-23 21:04 - 2012-02-01 20:14 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search 2013-07-23 21:04 - 2011-04-19 18:23 - 00000000 ____D C:\users\Finn.Medion-PC 2013-07-23 20:59 - 2013-07-23 20:59 - 00060042 ____A C:\AdwCleaner[R1].txt 2013-07-23 20:55 - 2011-04-14 19:07 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2013-07-23 20:55 - 2010-05-05 19:37 - 00221556 ____A C:\Windows\PFRO.log 2013-07-23 20:54 - 2011-04-14 19:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-23 20:44 - 2013-07-23 20:44 - 00560934 ____A (Oleg N. Scherbakov) C:\Users\Medion\Desktop\JRT.exe 2013-07-23 20:42 - 2013-07-23 20:42 - 00666633 ____A C:\Users\Medion\Desktop\adwcleaner.exe 2013-07-23 20:35 - 2011-04-14 17:26 - 00000000 ____D C:\ProgramData\MFAData 2013-07-23 14:09 - 2013-07-23 14:09 - 00036299 ____A C:\ComboFix.txt 2013-07-23 14:09 - 2013-07-23 13:07 - 00000000 ____D C:\Qoobox 2013-07-23 14:09 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public 2013-07-23 14:07 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini 2013-07-23 13:45 - 2013-07-23 13:06 - 00000000 ____D C:\Windows\erdnt 2013-07-23 13:34 - 2009-07-14 04:03 - 66584576 ____A C:\Windows\System32\config\SOFTWARE.bak 2013-07-23 13:34 - 2009-07-14 04:03 - 19136512 ____A C:\Windows\System32\config\SYSTEM.bak 2013-07-23 13:34 - 2009-07-14 04:03 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak 2013-07-23 13:34 - 2009-07-14 04:03 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak 2013-07-23 13:34 - 2009-07-14 04:03 - 00262144 ____A C:\Windows\System32\config\SAM.bak 2013-07-23 13:15 - 2012-08-16 09:21 - 00000000 ____D C:\Users\Miriam II\AppData\Roaming\Dropbox 2013-07-23 13:07 - 2013-07-23 13:07 - 00001146 ____A C:\Users\Medion\Desktop\ComboFix - 
Verknüpfung.lnk 2013-07-23 13:06 - 2013-07-23 13:05 - 05091940 ____R (Swearware) C:\Users\Medion\Downloads\ComboFix.exe 2013-07-23 12:45 - 2013-07-18 17:46 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-23 12:14 - 2013-07-23 12:13 - 00023373 ____A C:\Users\Medion\Desktop\Addition.txt 2013-07-23 12:10 - 2013-07-23 12:10 - 00000000 ____D C:\FRST 2013-07-23 12:10 - 2013-07-23 12:09 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (3).exe 2013-07-23 12:09 - 2013-07-23 12:09 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (2).exe 2013-07-23 11:17 - 2012-03-31 16:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-07-23 11:17 - 2011-05-18 10:22 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-07-23 11:17 - 2011-04-06 10:32 - 00000000 ____D C:\Users\Medion\AppData\Local\Adobe 2013-07-23 11:14 - 2012-08-16 09:46 - 00000000 ___RD C:\Users\Miriam II\Dropbox 2013-07-23 11:05 - 2011-04-06 10:28 - 00000000 ____D C:\users\Medion 2013-07-23 10:35 - 2013-07-23 10:35 - 00016746 ____A C:\Users\Medion\Desktop\Logfiles.rar 2013-07-23 01:01 - 2013-04-30 09:27 - 00000000 ____D C:\Users\Medion\AppData\Local\Deployment 2013-07-22 23:30 - 2013-07-22 23:30 - 00008902 ____A C:\Users\Medion\Desktop\gmer.log 2013-07-22 12:37 - 2013-07-22 12:37 - 00003408 ____N C:\bootsqm.dat 2013-07-22 12:07 - 2013-07-22 12:07 - 00000005 ____A C:\Users\Medion\AppData\Roaming\WBPU-TTL.DAT 2013-07-22 12:04 - 2013-07-22 12:04 - 00377856 ____A C:\Users\Medion\Desktop\gmer_2.1.19163.exe 2013-07-22 12:01 - 2013-07-22 12:01 - 00131504 ____A C:\Users\Medion\Desktop\OTL.Txt 2013-07-22 12:00 - 2013-07-22 12:00 - 00086788 ____A C:\Users\Medion\Desktop\Extras.Txt 2013-07-22 11:53 - 2013-07-22 11:53 - 00086788 ____A C:\Users\Medion\Downloads\Extras.Txt 2013-07-22 11:52 - 2013-07-22 11:52 - 00131504 ____A C:\Users\Medion\Downloads\OTL.Txt 2013-07-22 11:32 - 2013-07-22 11:32 - 00602112 ____A (OldTimer Tools) 
C:\Users\Medion\Downloads\OTL.exe 2013-07-22 11:30 - 2013-07-22 11:26 - 00000474 ____A C:\Users\Medion\Downloads\defogger_disable.log 2013-07-22 11:26 - 2013-07-22 11:26 - 00000000 ____A C:\Users\Medion\defogger_reenable 2013-07-22 11:24 - 2013-07-22 11:24 - 00050477 ____A C:\Users\Medion\Downloads\Defogger (1).exe 2013-07-22 11:23 - 2013-07-22 11:23 - 00050477 ____A C:\Users\Medion\Downloads\Defogger.exe 2013-07-22 11:11 - 2012-10-10 18:07 - 00000000 ____D C:\Users\Medion\AppData\Local\Avg2013 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Zip Opener Packages 2013-07-22 11:08 - 2013-07-22 11:08 - 00001072 ____A C:\Users\Public\Desktop\Open It!.lnk 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\Program Files\OpenIt 2013-07-22 11:06 - 2013-07-22 11:06 - 00793536 ____A C:\Users\Medion\Downloads\ZipOpenerSetup.exe 2013-07-22 10:25 - 2011-04-14 19:57 - 00144640 ____A C:\Users\Medion\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-21 20:18 - 2011-08-24 19:26 - 00000000 ____D C:\Users\Miriam II\AppData\Roaming\HpUpdate 2013-07-20 09:24 - 2011-04-26 14:29 - 00144640 ____A C:\Users\Miriam II\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-20 08:58 - 2009-07-14 06:33 - 00483896 ____A C:\Windows\System32\FNTCACHE.DAT 2013-07-20 00:22 - 2013-07-20 00:22 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-20 00:21 - 2013-07-20 00:22 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-07-20 00:21 - 2013-07-20 00:22 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-20 00:21 - 2013-07-20 00:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-07-20 00:21 - 2013-07-20 00:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-20 00:21 - 2013-07-20 00:22 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-20 00:21 - 2010-05-05 19:09 - 00789416 ____A (Oracle Corporation) 
C:\Windows\System32\deployJava1.dll 2013-07-20 00:21 - 2010-05-05 19:09 - 00000000 ____D C:\Program Files\Java 2013-07-20 00:20 - 2010-05-05 17:57 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-20 00:12 - 2011-11-23 18:22 - 00000000 ____D C:\ProgramData\Lernwerkstatt 8 2013-07-19 23:59 - 2013-07-19 23:59 - 01492584 ____A (Skype Technologies S.A.) C:\Users\Medion\Downloads\SkypeSetup(1).exe 2013-07-19 23:57 - 2013-07-19 23:56 - 00903080 ____A (Oracle Corporation) C:\Users\Medion\Downloads\jxpiinstall.exe 2013-07-19 23:57 - 2013-05-23 07:26 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-19 22:28 - 2012-11-18 19:32 - 00000000 ____D C:\Users\Finn.Medion-PC\AppData\Roaming\.minecraft 2013-07-19 01:09 - 2013-07-19 01:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-19 01:02 - 2013-07-19 01:02 - 00393424 ____A (Softonic ) C:\Users\Medion\Downloads\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe 2013-07-18 17:46 - 2013-07-18 17:46 - 00001012 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2013-07-18 17:46 - 2013-07-18 17:46 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Spyware Terminator 2013-07-18 17:46 - 2013-07-18 17:42 - 00000000 ____D C:\Program Files\Spyware Terminator 2013-07-14 14:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-14 13:58 - 2010-05-05 19:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-14 13:57 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-14 13:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-14 13:33 - 2010-05-05 18:08 - 01520734 ____A 
C:\Windows\System32\PerfStringBackup.INI 2013-07-14 13:31 - 2010-05-05 18:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-14 13:27 - 2010-05-05 19:33 - 75699896 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-07-07 22:11 - 2013-07-07 21:52 - 529175960 ____A C:\Users\Miriam II\Downloads\Tiefer Schmerz.wma 2013-07-07 21:56 - 2013-07-07 21:53 - 69388552 ____A C:\Users\Miriam II\Downloads\Spanisch - Barcelona erleben.wma 2013-07-07 21:55 - 2013-07-07 21:52 - 60615191 ____A C:\Users\Miriam II\Downloads\Dein Gehirn bist Du!.wma 2013-07-05 18:30 - 2012-09-30 20:29 - 00000000 ____D C:\Users\Miriam II\AppData\Local\Deployment 2013-07-04 12:41 - 2012-09-26 17:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-03 17:38 - 2013-07-03 17:37 - 21933464 ____A (Mozilla) C:\Users\Miriam II\Downloads\Firefox Setup 22.0_de.exe 2013-07-01 23:52 - 2013-07-01 23:52 - 00937232 ____A (Crawler.com ) C:\Users\Medion\Desktop\SpywareTerminatorSetup.exe 2013-07-01 23:51 - 2013-07-01 23:51 - 00393064 ____A (Softonic ) C:\Users\Miriam II\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe 2013-07-01 16:41 - 2013-06-29 23:17 - 00024129 ____A C:\Users\Miriam II\Documents\Finanzübersicht 2013.xlsx 2013-07-01 15:01 - 2012-09-11 21:45 - 00000000 ____D C:\Users\Miriam II\Documents\Krankenversicherung 2013-07-01 14:43 - 2011-09-05 21:15 - 00000000 ____D C:\Users\Miriam II\Documents\Eigene Scans 2013-06-29 22:47 - 2011-05-01 22:56 - 00000000 ____D C:\Users\Miriam II\.gimp-2.6 2013-06-29 22:33 - 2013-06-29 22:33 - 00000000 ____D C:\Users\Miriam II\Documents\2013-06 (Jun) 2013-06-29 18:50 - 2013-06-29 18:50 - 00000851 ____A C:\Users\Miriam II\.recently-used.xbel 2013-06-29 18:50 - 2011-04-25 12:50 - 00000000 ____D C:\users\Miriam II 2013-06-29 14:32 - 2011-07-08 21:38 - 00000000 ____D C:\Users\Miriam II\Documents\Kontoauszüge 2013-06-28 16:05 - 2013-05-14 20:52 - 00000000 ___RD C:\Program Files\Skype 2013-06-28 16:05 - 2011-04-14 21:52 - 00000000 ____D 
C:\ProgramData\Skype 2013-06-28 15:53 - 2013-05-09 15:31 - 00000862 ____A C:\Windows\System32\InstallUtil.InstallLog 2013-06-28 15:20 - 2013-06-28 15:20 - 00000000 ____D C:\Users\Medion\AppData\Local\DriverTuner 2013-06-28 15:18 - 2013-06-28 15:18 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup(1).exe 2013-06-28 15:15 - 2013-06-28 15:15 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup.exe 2013-06-27 17:58 - 2013-06-27 17:57 - 00000000 ____D C:\Users\Miriam II\Documents\Finn 2013-06-27 17:57 - 2012-09-28 11:18 - 00000000 ____D C:\Users\Miriam II\Documents\car to go 2013-06-27 14:24 - 2013-06-27 14:22 - 00003716 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2013-06-27 14:22 - 2012-10-10 18:14 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-07-13 23:15 ==================== End Of Log ============================ |
23.07.2013, 21:11 | #8 |
/// the machine /// TB trainer | win32.gen was detected by Spybot but not by Antivir and Antimalware, cannot be removed
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
25.07.2013, 21:11 | #9 |
| win32.gen was detected by Spybot but not by Antivir and Antimalware, cannot be removed
Hello Schrauber, here are the last logs at last. Since I have more removable drives than USB ports, I ran ESET twice. As far as I can judge, though, I don't think the second run turned up anything new. I have a keyboard that my computer has only very rarely recognized. The retailer said the keyboard was perfectly fine and that I must have a trojan on my laptop. Spybot did then find one, and so I turned to you. Just now I tried connecting the keyboard again, but unfortunately it didn't work again. Does that mean I still have something on the computer, or am I simply too stupid to connect a plug-and-play device? Here are the logs for now: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=ff641632f80ca14a9b430fec46ce388f # engine=14509 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-24 12:52:58 # local_time=2013-07-24 02:52:58 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1039 16777213 100 92 18446 61804362 0 0 # compatibility_mode=5893 16776574 100 94 89007 126301569 0 0 # compatibility_mode=7937 16777214 28 75 507981 8881704 0 0 # scanned=326129 # found=4 # cleaned=0 # scan_time=17922 sh=6506F2C746CB98CC8A93D4466B2DBC0E7502CDAF ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\DealPly10.zip" sh=6506F2C746CB98CC8A93D4466B2DBC0E7502CDAF ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\DealPly10.zip" sh=B1F72F319541F1716B8FC78C20341895DDDE3C8B ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Mika\AppData\Local\Mozilla\Firefox\Profiles\iw38tv23.default\Cache\D9D2C44Ad01" sh=D253D607ABD8470A26408010D741A6CD342BF889 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="G:\MIKA-PC\Backup Set 2011-02-13 190001\Backup Files 2011-03-07 195134\Backup files 1.zip" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=ff641632f80ca14a9b430fec46ce388f # engine=14515 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-24 10:51:59 # local_time=2013-07-25 12:51:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT 
Service Pack 1 # compatibility_mode=1039 16777213 100 92 54387 61840303 0 0 # compatibility_mode=5893 16776574 100 94 124948 126337510 0 0 # compatibility_mode=7937 16777214 28 75 543922 8917645 0 0 # scanned=269670 # found=3 # cleaned=0 # scan_time=35192 sh=6506F2C746CB98CC8A93D4466B2DBC0E7502CDAF ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\DealPly10.zip" sh=6506F2C746CB98CC8A93D4466B2DBC0E7502CDAF ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\DealPly10.zip" sh=B1F72F319541F1716B8FC78C20341895DDDE3C8B ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\Mika\AppData\Local\Mozilla\Firefox\Profiles\iw38tv23.default\Cache\D9D2C44Ad01" Code:
ATTFilter Results of screen317's Security Check version 0.99.70 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` AVG AntiVirus Free Edition 2013 Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Spyware Terminator 2012 Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.8.800.94 Adobe Reader XI Mozilla Firefox (22.0) Mozilla Thunderbird (17.0.) Google Chrome 10.0.648.204 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2013 02 (ATTENTION: FRST version is 52 days old) Ran by Medion (administrator) on 25-07-2013 09:54:23 Running from C:\Users\Medion\Desktop Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (IDT, Inc.) c:\program files\idt\wdm\STacSV.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Teruten) C:\Windows\system32\FsUsbExService.Exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe (Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe (Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcfgex.exe (Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe () C:\Users\Medion\Desktop\SecurityCheck.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Medion\Desktop\FRST (2).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495728 2010-03-30] (IDT, Inc.) 
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [SMART Board Service] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d [2219416 2012-10-17] (SMART Technologies) HKLM\...\Run: [SMART Board Tools] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe" [10132336 2012-03-09] (SMART Technologies ULC) HKLM\...\Run: [SMART Ink] "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a [98200 2012-10-25] (SMART Technologies) HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [sbsdk-server] "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" [62360 2012-10-17] (SMART Technologies) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation) HKCU\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.) 
HKCU\...\Run: [QtraxNotification] C:\Users\Medion\Qtrax\Player\Notification.exe [x] HKU\Finn.Medion-PC\...\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [x] HKU\Finn.Medion-PC\...\Policies\system: [LogonHoursAction] 2 HKU\Finn.Medion-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Miriam II\...\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [x] HKU\Miriam II\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [ 2009-07-14] (Microsoft Corporation) HKU\Miriam II\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s [ 2012-01-23] (TomTom) HKU\Miriam II\...\Policies\system: [LogonHoursAction] 2 HKU\Miriam II\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {718950F7-AE55-48DA-8F41-B703D94FF653} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File PDF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default FF SearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com FF Extension: No Name - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\foxmarks@kei.com FF Extension: Yahoo! 
Toolbar - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: toolbar_ORJ-V7 - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\s2f3lxl7.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "urls_to_restore_on_startup": null CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\gcswf32.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Chrome PDF Viewer) - C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\pdf.dll () CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Medion\AppData\Local\Google\Chrome\Application\10.0.648.204\gears.dll (Google Inc.) 
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0 CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0 CHR Extension: (Read Later Fast) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.8_0 CHR Extension: (Friends Mural for Facebook) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhkjheddgkdhejgollcmdnhmpfagaed\0.9.5_0 CHR Extension: (Picnik Photo Editor) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.3_0 CHR Extension: (Autodesk Homestyler) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\1.5_0 CHR Extension: (AT_KojiNishida) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdhmimpfmefmegcdgmbohplkcbpgpjb\2_0 CHR Extension: (Rename title) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.6.2_0 CHR Extension: (Cooliris) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.2.44674_0 CHR Extension: (Todo.ly) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0 ========================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) 
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-09-28] (Flexera Software, Inc.) S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582552 2012-10-17] (SMART Technologies) R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com) R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2010-03-30] (IDT, Inc.) R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D) R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search) S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-06-27] (AVG Technologies) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2012-03-21] (SMART Technologies ULC) R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2012-03-21] (SMART Technologies ULC) R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2012-03-21] (SMART Technologies ULC) R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) S3 catchme; \??\C:\Users\Medion\AppData\Local\Temp\catchme.sys [x] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x] S3 uxddrv; \??\E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-25 09:52 - 2013-07-25 09:52 - 00001010 ____A C:\Users\Medion\Desktop\checkup.txt 2013-07-24 09:51 - 2013-07-24 09:51 - 02347384 ____A (ESET) C:\Users\Medion\Downloads\esetsmartinstaller_enu (1).exe 2013-07-24 09:47 - 2013-07-24 09:47 - 00891062 ____A C:\Users\Medion\Desktop\SecurityCheck.exe 2013-07-24 09:46 - 2013-07-24 09:47 - 02347384 ____A (ESET) C:\Users\Medion\Downloads\esetsmartinstaller_enu.exe 2013-07-23 22:04 - 2013-07-23 22:04 - 00042734 ____A C:\Users\Medion\Desktop\FRST 2.txt 2013-07-23 21:25 - 
2013-07-23 21:25 - 00007346 ____A C:\Users\Medion\Desktop\JRT.txt 2013-07-23 21:21 - 2013-07-23 21:21 - 00000000 ____D C:\Windows\ERUNT 2013-07-23 21:13 - 2013-07-23 21:13 - 00057789 ____A C:\Users\Medion\Desktop\AdwCleaner[S1].txt 2013-07-23 21:04 - 2013-07-23 21:06 - 00000357 ____A C:\Windows\DeleteOnReboot.bat 2013-07-23 21:03 - 2013-07-23 21:06 - 00057789 ____A C:\AdwCleaner[S1].txt 2013-07-23 20:59 - 2013-07-23 20:59 - 00060042 ____A C:\AdwCleaner[R1].txt 2013-07-23 20:44 - 2013-07-23 20:44 - 00560934 ____A (Oleg N. Scherbakov) C:\Users\Medion\Desktop\JRT.exe 2013-07-23 20:42 - 2013-07-23 20:42 - 00666633 ____A C:\Users\Medion\Desktop\adwcleaner.exe 2013-07-23 14:09 - 2013-07-23 14:09 - 00036299 ____A C:\ComboFix.txt 2013-07-23 13:13 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-07-23 13:13 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-07-23 13:13 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-07-23 13:13 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-07-23 13:07 - 2013-07-23 14:09 - 00000000 ____D C:\Qoobox 2013-07-23 13:07 - 2013-07-23 13:07 - 00001146 ____A C:\Users\Medion\Desktop\ComboFix - Verknüpfung.lnk 2013-07-23 13:06 - 2013-07-23 13:45 - 00000000 ____D C:\Windows\erdnt 2013-07-23 13:05 - 2013-07-23 13:06 - 05091940 ____R (Swearware) C:\Users\Medion\Downloads\ComboFix.exe 2013-07-23 12:13 - 2013-07-23 12:14 - 00023373 ____A C:\Users\Medion\Desktop\Addition.txt 2013-07-23 12:10 - 2013-07-23 12:10 - 00000000 ____D C:\FRST 2013-07-23 12:09 - 2013-07-23 12:10 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (3).exe 2013-07-23 12:09 - 2013-07-23 12:09 - 01356205 ____A 
(Farbar) C:\Users\Medion\Desktop\FRST (2).exe 2013-07-23 10:35 - 2013-07-23 10:35 - 00016746 ____A C:\Users\Medion\Desktop\Logfiles.rar 2013-07-22 23:30 - 2013-07-22 23:30 - 00008902 ____A C:\Users\Medion\Desktop\gmer.log 2013-07-22 12:07 - 2013-07-22 12:07 - 00000005 ____A C:\Users\Medion\AppData\Roaming\WBPU-TTL.DAT 2013-07-22 12:04 - 2013-07-22 12:04 - 00377856 ____A C:\Users\Medion\Desktop\gmer_2.1.19163.exe 2013-07-22 12:01 - 2013-07-22 12:01 - 00131504 ____A C:\Users\Medion\Desktop\OTL.Txt 2013-07-22 12:00 - 2013-07-22 12:00 - 00086788 ____A C:\Users\Medion\Desktop\Extras.Txt 2013-07-22 11:53 - 2013-07-22 11:53 - 00086788 ____A C:\Users\Medion\Downloads\Extras.Txt 2013-07-22 11:52 - 2013-07-22 11:52 - 00131504 ____A C:\Users\Medion\Downloads\OTL.Txt 2013-07-22 11:32 - 2013-07-22 11:32 - 00602112 ____A (OldTimer Tools) C:\Users\Medion\Downloads\OTL.exe 2013-07-22 11:26 - 2013-07-22 11:30 - 00000474 ____A C:\Users\Medion\Downloads\defogger_disable.log 2013-07-22 11:26 - 2013-07-22 11:26 - 00000000 ____A C:\Users\Medion\defogger_reenable 2013-07-22 11:24 - 2013-07-22 11:24 - 00050477 ____A C:\Users\Medion\Downloads\Defogger (1).exe 2013-07-22 11:23 - 2013-07-22 11:23 - 00050477 ____A C:\Users\Medion\Downloads\Defogger.exe 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Zip Opener Packages 2013-07-22 11:08 - 2013-07-22 11:08 - 00001072 ____A C:\Users\Public\Desktop\Open It!.lnk 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\Program Files\OpenIt 2013-07-22 11:06 - 2013-07-22 11:06 - 00793536 ____A C:\Users\Medion\Downloads\ZipOpenerSetup.exe 2013-07-20 00:22 - 2013-07-20 00:22 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-20 00:22 - 2013-07-20 00:21 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-07-20 00:22 - 2013-07-20 00:21 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-20 00:22 - 2013-07-20 00:21 - 00175016 ____A (Oracle Corporation) 
C:\Windows\System32\javaw.exe 2013-07-20 00:22 - 2013-07-20 00:21 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-20 00:22 - 2013-07-20 00:21 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-19 23:59 - 2013-07-19 23:59 - 01492584 ____A (Skype Technologies S.A.) C:\Users\Medion\Downloads\SkypeSetup(1).exe 2013-07-19 23:56 - 2013-07-19 23:57 - 00903080 ____A (Oracle Corporation) C:\Users\Medion\Downloads\jxpiinstall.exe 2013-07-19 01:09 - 2013-07-19 01:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-19 01:08 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-19 01:02 - 2013-07-19 01:02 - 00393424 ____A (Softonic ) C:\Users\Medion\Downloads\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe 2013-07-18 17:46 - 2013-07-24 15:58 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-18 17:46 - 2013-07-18 17:46 - 00001012 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2013-07-18 17:46 - 2013-07-18 17:46 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Spyware Terminator 2013-07-18 17:46 - 2011-06-21 11:24 - 00032768 ____A C:\Windows\System32\Drivers\sp_rsdrv2.sys 2013-07-18 17:42 - 2013-07-18 17:46 - 00000000 ____D C:\Program Files\Spyware Terminator 2013-07-14 13:30 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 
01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-14 13:30 - 2013-06-12 01:43 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-14 13:30 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-14 13:30 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-14 13:30 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-14 13:30 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-13 20:15 - 2013-06-05 05:05 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-13 20:15 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-13 20:15 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-13 20:15 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-07 21:53 - 2013-07-07 21:56 - 69388552 ____A C:\Users\Miriam II\Downloads\Spanisch - Barcelona erleben.wma 2013-07-07 21:52 - 2013-07-07 22:11 - 529175960 ____A 
C:\Users\Miriam II\Downloads\Tiefer Schmerz.wma 2013-07-07 21:52 - 2013-07-07 21:55 - 60615191 ____A C:\Users\Miriam II\Downloads\Dein Gehirn bist Du!.wma 2013-07-03 17:37 - 2013-07-03 17:38 - 21933464 ____A (Mozilla) C:\Users\Miriam II\Downloads\Firefox Setup 22.0_de.exe 2013-07-01 23:52 - 2013-07-01 23:52 - 00937232 ____A (Crawler.com ) C:\Users\Medion\Desktop\SpywareTerminatorSetup.exe 2013-07-01 23:51 - 2013-07-01 23:51 - 00393064 ____A (Softonic ) C:\Users\Miriam II\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe 2013-06-29 23:17 - 2013-07-01 16:41 - 00024129 ____A C:\Users\Miriam II\Documents\Finanzübersicht 2013.xlsx 2013-06-29 22:33 - 2013-06-29 22:33 - 00000000 ____D C:\Users\Miriam II\Documents\2013-06 (Jun) 2013-06-29 18:50 - 2013-06-29 18:50 - 00000851 ____A C:\Users\Miriam II\.recently-used.xbel 2013-06-28 15:20 - 2013-06-28 15:20 - 00000000 ____D C:\Users\Medion\AppData\Local\DriverTuner 2013-06-28 15:18 - 2013-06-28 15:18 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup(1).exe 2013-06-28 15:15 - 2013-06-28 15:15 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup.exe 2013-06-27 17:57 - 2013-06-27 17:58 - 00000000 ____D C:\Users\Miriam II\Documents\Finn 2013-06-27 14:22 - 2013-06-27 14:24 - 00003716 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml ==================== One Month Modified Files and Folders ======== 2013-07-25 09:52 - 2013-07-25 09:52 - 00001010 ____A C:\Users\Medion\Desktop\checkup.txt 2013-07-25 09:50 - 2010-05-05 18:08 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-25 09:37 - 2011-04-06 10:26 - 02032958 ____A C:\Windows\WindowsUpdate.log 2013-07-25 09:27 - 2012-03-31 16:56 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-24 15:58 - 2013-07-18 17:46 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-24 09:51 - 2013-07-24 09:51 - 02347384 ____A (ESET) C:\Users\Medion\Downloads\esetsmartinstaller_enu (1).exe 2013-07-24 09:47 
- 2013-07-24 09:47 - 00891062 ____A C:\Users\Medion\Desktop\SecurityCheck.exe 2013-07-24 09:47 - 2013-07-24 09:46 - 02347384 ____A (ESET) C:\Users\Medion\Downloads\esetsmartinstaller_enu.exe 2013-07-24 09:46 - 2013-04-30 09:27 - 00000000 ____D C:\Users\Medion\AppData\Local\Deployment 2013-07-24 09:46 - 2013-04-30 09:27 - 00000000 ____D C:\Users\Medion\AppData\Local\Apps\2.0 2013-07-24 09:45 - 2011-04-14 17:26 - 00000000 ____D C:\ProgramData\MFAData 2013-07-24 09:42 - 2011-04-14 21:53 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Skype 2013-07-23 23:14 - 2009-07-14 06:34 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 23:14 - 2009-07-14 06:34 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 23:07 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-23 23:07 - 2009-07-14 06:39 - 00114639 ____A C:\Windows\setupact.log 2013-07-23 22:04 - 2013-07-23 22:04 - 00042734 ____A C:\Users\Medion\Desktop\FRST 2.txt 2013-07-23 21:25 - 2013-07-23 21:25 - 00007346 ____A C:\Users\Medion\Desktop\JRT.txt 2013-07-23 21:21 - 2013-07-23 21:21 - 00000000 ____D C:\Windows\ERUNT 2013-07-23 21:13 - 2013-07-23 21:13 - 00057789 ____A C:\Users\Medion\Desktop\AdwCleaner[S1].txt 2013-07-23 21:06 - 2013-07-23 21:04 - 00000357 ____A C:\Windows\DeleteOnReboot.bat 2013-07-23 21:06 - 2013-07-23 21:03 - 00057789 ____A C:\AdwCleaner[S1].txt 2013-07-23 21:04 - 2012-02-01 20:14 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search 2013-07-23 21:04 - 2011-04-19 18:23 - 00000000 ____D C:\users\Finn.Medion-PC 2013-07-23 20:59 - 2013-07-23 20:59 - 00060042 ____A C:\AdwCleaner[R1].txt 2013-07-23 20:55 - 2011-04-14 19:07 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2013-07-23 20:55 - 2010-05-05 19:37 - 00221556 ____A C:\Windows\PFRO.log 2013-07-23 20:54 - 2011-04-14 19:07 - 00000000 ____D C:\ProgramData\Spybot - 
Search & Destroy 2013-07-23 20:44 - 2013-07-23 20:44 - 00560934 ____A (Oleg N. Scherbakov) C:\Users\Medion\Desktop\JRT.exe 2013-07-23 20:42 - 2013-07-23 20:42 - 00666633 ____A C:\Users\Medion\Desktop\adwcleaner.exe 2013-07-23 14:09 - 2013-07-23 14:09 - 00036299 ____A C:\ComboFix.txt 2013-07-23 14:09 - 2013-07-23 13:07 - 00000000 ____D C:\Qoobox 2013-07-23 14:09 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public 2013-07-23 14:07 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini 2013-07-23 13:45 - 2013-07-23 13:06 - 00000000 ____D C:\Windows\erdnt 2013-07-23 13:34 - 2009-07-14 04:03 - 66584576 ____A C:\Windows\System32\config\SOFTWARE.bak 2013-07-23 13:34 - 2009-07-14 04:03 - 19136512 ____A C:\Windows\System32\config\SYSTEM.bak 2013-07-23 13:34 - 2009-07-14 04:03 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak 2013-07-23 13:34 - 2009-07-14 04:03 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak 2013-07-23 13:34 - 2009-07-14 04:03 - 00262144 ____A C:\Windows\System32\config\SAM.bak 2013-07-23 13:15 - 2012-08-16 09:21 - 00000000 ____D C:\Users\Miriam II\AppData\Roaming\Dropbox 2013-07-23 13:07 - 2013-07-23 13:07 - 00001146 ____A C:\Users\Medion\Desktop\ComboFix - Verknüpfung.lnk 2013-07-23 13:06 - 2013-07-23 13:05 - 05091940 ____R (Swearware) C:\Users\Medion\Downloads\ComboFix.exe 2013-07-23 12:14 - 2013-07-23 12:13 - 00023373 ____A C:\Users\Medion\Desktop\Addition.txt 2013-07-23 12:10 - 2013-07-23 12:10 - 00000000 ____D C:\FRST 2013-07-23 12:10 - 2013-07-23 12:09 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (3).exe 2013-07-23 12:09 - 2013-07-23 12:09 - 01356205 ____A (Farbar) C:\Users\Medion\Desktop\FRST (2).exe 2013-07-23 11:17 - 2012-03-31 16:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-07-23 11:17 - 2011-05-18 10:22 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-07-23 11:17 - 2011-04-06 10:32 - 00000000 ____D 
C:\Users\Medion\AppData\Local\Adobe 2013-07-23 11:14 - 2012-08-16 09:46 - 00000000 ___RD C:\Users\Miriam II\Dropbox 2013-07-23 11:05 - 2011-04-06 10:28 - 00000000 ____D C:\users\Medion 2013-07-23 10:35 - 2013-07-23 10:35 - 00016746 ____A C:\Users\Medion\Desktop\Logfiles.rar 2013-07-22 23:30 - 2013-07-22 23:30 - 00008902 ____A C:\Users\Medion\Desktop\gmer.log 2013-07-22 12:07 - 2013-07-22 12:07 - 00000005 ____A C:\Users\Medion\AppData\Roaming\WBPU-TTL.DAT 2013-07-22 12:04 - 2013-07-22 12:04 - 00377856 ____A C:\Users\Medion\Desktop\gmer_2.1.19163.exe 2013-07-22 12:01 - 2013-07-22 12:01 - 00131504 ____A C:\Users\Medion\Desktop\OTL.Txt 2013-07-22 12:00 - 2013-07-22 12:00 - 00086788 ____A C:\Users\Medion\Desktop\Extras.Txt 2013-07-22 11:53 - 2013-07-22 11:53 - 00086788 ____A C:\Users\Medion\Downloads\Extras.Txt 2013-07-22 11:52 - 2013-07-22 11:52 - 00131504 ____A C:\Users\Medion\Downloads\OTL.Txt 2013-07-22 11:32 - 2013-07-22 11:32 - 00602112 ____A (OldTimer Tools) C:\Users\Medion\Downloads\OTL.exe 2013-07-22 11:30 - 2013-07-22 11:26 - 00000474 ____A C:\Users\Medion\Downloads\defogger_disable.log 2013-07-22 11:26 - 2013-07-22 11:26 - 00000000 ____A C:\Users\Medion\defogger_reenable 2013-07-22 11:24 - 2013-07-22 11:24 - 00050477 ____A C:\Users\Medion\Downloads\Defogger (1).exe 2013-07-22 11:23 - 2013-07-22 11:23 - 00050477 ____A C:\Users\Medion\Downloads\Defogger.exe 2013-07-22 11:11 - 2012-10-10 18:07 - 00000000 ____D C:\Users\Medion\AppData\Local\Avg2013 2013-07-22 11:09 - 2013-07-22 11:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Zip Opener Packages 2013-07-22 11:08 - 2013-07-22 11:08 - 00001072 ____A C:\Users\Public\Desktop\Open It!.lnk 2013-07-22 11:07 - 2013-07-22 11:07 - 00000000 ____D C:\Program Files\OpenIt 2013-07-22 11:06 - 2013-07-22 11:06 - 00793536 ____A C:\Users\Medion\Downloads\ZipOpenerSetup.exe 2013-07-22 10:25 - 2011-04-14 19:57 - 00144640 ____A C:\Users\Medion\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-21 20:18 - 2011-08-24 19:26 - 00000000 
____D C:\Users\Miriam II\AppData\Roaming\HpUpdate 2013-07-20 09:24 - 2011-04-26 14:29 - 00144640 ____A C:\Users\Miriam II\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-20 08:58 - 2009-07-14 06:33 - 00483896 ____A C:\Windows\System32\FNTCACHE.DAT 2013-07-20 00:22 - 2013-07-20 00:22 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-20 00:21 - 2013-07-20 00:22 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-07-20 00:21 - 2013-07-20 00:22 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-20 00:21 - 2013-07-20 00:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-07-20 00:21 - 2013-07-20 00:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-20 00:21 - 2013-07-20 00:22 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-20 00:21 - 2010-05-05 19:09 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-07-20 00:21 - 2010-05-05 19:09 - 00000000 ____D C:\Program Files\Java 2013-07-20 00:20 - 2010-05-05 17:57 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-20 00:12 - 2011-11-23 18:22 - 00000000 ____D C:\ProgramData\Lernwerkstatt 8 2013-07-19 23:59 - 2013-07-19 23:59 - 01492584 ____A (Skype Technologies S.A.) 
C:\Users\Medion\Downloads\SkypeSetup(1).exe 2013-07-19 23:57 - 2013-07-19 23:56 - 00903080 ____A (Oracle Corporation) C:\Users\Medion\Downloads\jxpiinstall.exe 2013-07-19 23:57 - 2013-05-23 07:26 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-19 22:28 - 2012-11-18 19:32 - 00000000 ____D C:\Users\Finn.Medion-PC\AppData\Roaming\.minecraft 2013-07-19 01:09 - 2013-07-19 01:09 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 01:08 - 2013-07-19 01:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-19 01:02 - 2013-07-19 01:02 - 00393424 ____A (Softonic ) C:\Users\Medion\Downloads\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe 2013-07-18 17:46 - 2013-07-18 17:46 - 00001012 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2013-07-18 17:46 - 2013-07-18 17:46 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Spyware Terminator 2013-07-18 17:46 - 2013-07-18 17:42 - 00000000 ____D C:\Program Files\Spyware Terminator 2013-07-14 14:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-14 13:58 - 2010-05-05 19:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-14 13:57 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-14 13:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-14 13:31 - 2010-05-05 18:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-14 13:27 - 2010-05-05 19:33 - 75699896 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-07-07 22:11 - 2013-07-07 21:52 - 529175960 ____A C:\Users\Miriam II\Downloads\Tiefer Schmerz.wma 2013-07-07 21:56 - 2013-07-07 21:53 - 69388552 ____A C:\Users\Miriam II\Downloads\Spanisch - Barcelona erleben.wma 2013-07-07 21:55 - 2013-07-07 21:52 - 60615191 ____A 
C:\Users\Miriam II\Downloads\Dein Gehirn bist Du!.wma 2013-07-05 18:30 - 2012-09-30 20:29 - 00000000 ____D C:\Users\Miriam II\AppData\Local\Deployment 2013-07-04 12:41 - 2012-09-26 17:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-03 17:38 - 2013-07-03 17:37 - 21933464 ____A (Mozilla) C:\Users\Miriam II\Downloads\Firefox Setup 22.0_de.exe 2013-07-01 23:52 - 2013-07-01 23:52 - 00937232 ____A (Crawler.com ) C:\Users\Medion\Desktop\SpywareTerminatorSetup.exe 2013-07-01 23:51 - 2013-07-01 23:51 - 00393064 ____A (Softonic ) C:\Users\Miriam II\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe 2013-07-01 16:41 - 2013-06-29 23:17 - 00024129 ____A C:\Users\Miriam II\Documents\Finanzübersicht 2013.xlsx 2013-07-01 15:01 - 2012-09-11 21:45 - 00000000 ____D C:\Users\Miriam II\Documents\Krankenversicherung 2013-07-01 14:43 - 2011-09-05 21:15 - 00000000 ____D C:\Users\Miriam II\Documents\Eigene Scans 2013-06-29 22:47 - 2011-05-01 22:56 - 00000000 ____D C:\Users\Miriam II\.gimp-2.6 2013-06-29 22:33 - 2013-06-29 22:33 - 00000000 ____D C:\Users\Miriam II\Documents\2013-06 (Jun) 2013-06-29 18:50 - 2013-06-29 18:50 - 00000851 ____A C:\Users\Miriam II\.recently-used.xbel 2013-06-29 18:50 - 2011-04-25 12:50 - 00000000 ____D C:\users\Miriam II 2013-06-29 14:32 - 2011-07-08 21:38 - 00000000 ____D C:\Users\Miriam II\Documents\Kontoauszüge 2013-06-28 16:05 - 2013-05-14 20:52 - 00000000 ___RD C:\Program Files\Skype 2013-06-28 16:05 - 2011-04-14 21:52 - 00000000 ____D C:\ProgramData\Skype 2013-06-28 15:53 - 2013-05-09 15:31 - 00000862 ____A C:\Windows\System32\InstallUtil.InstallLog 2013-06-28 15:20 - 2013-06-28 15:20 - 00000000 ____D C:\Users\Medion\AppData\Local\DriverTuner 2013-06-28 15:18 - 2013-06-28 15:18 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup(1).exe 2013-06-28 15:15 - 2013-06-28 15:15 - 02811856 ____A (LionSea SoftWare ) C:\Users\Miriam II\Downloads\setup.exe 2013-06-27 17:58 - 2013-06-27 17:57 - 00000000 ____D 
C:\Users\Miriam II\Documents\Finn
2013-06-27 17:57 - 2012-09-28 11:18 - 00000000 ____D C:\Users\Miriam II\Documents\car to go
2013-06-27 14:24 - 2013-06-27 14:22 - 00003716 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-06-27 14:22 - 2012-10-10 18:14 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-07-23 23:49
==================== End Of Log ============================ |
26.07.2013, 09:37 | #10 |
/// the machine /// TB-Ausbilder | Please uninstall Firefox, keep no data, and reinstall it.
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this.
Uninstall QTRAX and SpywareTerminator.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
KCU\...\Run: [QtraxNotification] C:\Users\Medion\Qtrax\Player\Notification.exe [x]
HKU\Finn.Medion-PC\...\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [x]
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
What exactly happens when you plug in the keyboard?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.07.2013, 14:01 | #11 |
| When I connect the keyboard, the sound plays that means a device has been connected. It then repeats every few seconds. Sometimes a window also pops up every few seconds saying that a device has been connected. This has not happened for quite a while, though. After a few seconds, the USB indicator appears in the taskbar with the notice that a device connected to the computer is not recognized. I can't find a driver either. I have had the keyboard for a few weeks and in that time have twice seen it work without problems. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-06-2013 02
Ran by Medion at 2013-07-26 13:19:14 Run:1
Running from C:\Users\Medion\Desktop
Boot Mode: Normal
==============================================
HKEY_USERS\Finn.Medion-PC\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater => Value deleted successfully.
==== End of Fixlog ====
MIKA |
26.07.2013, 14:38 | #12 |
/// the machine /// TB-Ausbilder | Try a different port or a different keyboard. Process of elimination.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.07.2013, 17:59 | #13 |
| I have already tried other ports, and the keyboard was quite expensive, but I can't return it because, according to the manufacturer, it works perfectly. If it is not due to the trojan, I will just have to think of something else. But my laptop is malware-free again? Is there anything else I need to do or keep in mind? Regards, MIKA
I ran Malwarebytes Anti-Malware again and found the following. Is that bad? Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.07.25.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Medion :: MEDION-PC [Administrator]
Schutz: Aktiviert
26.07.2013 16:32:20
MBAM-log-2013-07-26 (18-47-41).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 556542
Laufzeit: 2 Stunde(n), 8 Minute(n),
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPlyIE.dll.vir (PUP.DealPly) -> Keine Aktion durchgeführt.
(Ende) |
27.07.2013, 10:53 | #14 |
/// the machine /// TB-Ausbilder | The finding is already in quarantine. We are done. The order is crucial here.
Here are a few more tips for securing your system. I can't mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.07.2013, 11:37 | #15 |
| Hello Schrauber, thank you very much for your help and your patience. You really saved me. So once again |