|
Pests of all kinds and how to fight them: Oxtender from Hosteurope no longer present on Win7 laptop, Defender cannot be started (Windows 7) |
03.01.2014, 14:37 | #1 |
| Hello ladies and gentlemen, first of all, despite my problem, all the best for the coming year. I have a laptop with Win7 and use Outlook with a connection to Hosteurope. After 2 messages that Windows had been shut down unexpectedly, the Oxtender application is no longer on my computer. In addition, Defender can no longer be started. With the help of a Windows tool and the EU Cleaner from Avira, I tried to locate the error. The EU Cleaner did find and remove four harmful files. But unfortunately I still cannot start Defender. Please help me!!! Best regards, Tom |
03.01.2014, 15:04 | #2 |
/// the machine /// TB Trainer | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
03.01.2014, 15:28 | #3 |
| FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014 Ran by TBLap (administrator) on TBLAP-PC on 03-01-2014 15:21:40 Running from C:\Users\TBLap\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SwiService.exe () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe () C:\Program Files (x86)\OneClickInternet\WTGService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe (AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Open-Xchange) C:\Users\TBLap\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Akamai Technologies, Inc.) C:\Users\TBLap\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Akamai Technologies, Inc.) C:\Users\TBLap\AppData\Local\Akamai\netsession_win.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Sierra Wireless Inc.) C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Bdrive Inc.) 
C:\Program Files\NetDrive\netdrive.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe () C:\Users\TBLap\Downloads\Setup.exe (ClickMeIn Limited) C:\Program Files (x86)\VuuPC\Connectivity.exe (ClickMeIn Limited) C:\Program Files (x86)\VuuPC\RemoteEngine.exe (ClickMeIn Limited) C:\Program Files (x86)\VuuPC\RemoteEngineHelper.exe (ClickMeIn Limited) C:\Program Files (x86)\VuuPC\RemoteEngineHelper.exe () C:\Program Files (x86)\Mobogenie\Mobogenie.exe () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe () C:\Program Files (x86)\Mobogenie\mgadb.exe () C:\Program Files (x86)\RegClean Pro\Cloud_Backup_Setup_Intl.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe () C:\Users\TBLap\AppData\Local\Temp\Setup1.exe (White Sea Media) C:\Users\TBLap\AppData\Local\Temp\prefetch.exe (Indigo Rose Corporation) C:\Users\TBLap\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe () C:\Users\TBLap\AppData\Local\Temp\GPUTemp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [] - [x] HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-05-01] (Intel Corporation) HKLM-x32\...\Run: [TRUUpdater] - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.) HKLM-x32\...\Run: [WatcherHelper] - C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\netdrive.exe [3587072 2013-03-16] (Bdrive Inc.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.) HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] () HKLM-x32\...\Run: [GPUTemp] - C:\Users\TBLap\AppData\Local\Temp\GPUTemp.exe [1305312 2014-01-03] () HKLM-x32\...\Runonce: [Del748383] - cmd.exe /Q /D /c del "C:\Users\TBLap\AppData\Local\Temp\0.del" [x] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [OXUpdater] - C:\Users\TBLap\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe [2278920 2013-11-04] (Open-Xchange) HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\TBLap\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKCU\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\TBLap\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKCU\...\Runonce: [Del748383] - cmd.exe /Q /D /c del "C:\Users\TBLap\AppData\Local\Temp\0.del" AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation) Startup: C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ie_de_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ie_sp_OC1 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C9D6F465DBCCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ie_de_display?ie=UTF8&tag=bds-p18-serp-de-ie-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ie_ds_OC1&query={searchTerms} SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ie_de_display?ie=UTF8&tag=bds-p18-serp-de-ie-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ie_ds_OC1&query={searchTerms} BHO: Mein Gutscheincode - {11111111-1111-1111-1111-110211941181} - C:\Program Files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho64.dll (Mein Gutscheincode GmbH) BHO: Plus-HD-5.0 - 
{11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho64.dll (Plus HD) BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Mein Gutscheincode - {11111111-1111-1111-1111-110211941181} - C:\Program Files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll (Mein Gutscheincode GmbH) BHO-x32: Plus-HD-5.0 - {11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho.dll (Plus HD) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com) Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{A4AF28B0-FA45-43DD-A670-ED981819DF2A}: [NameServer]139.7.30.126 139.7.30.125 FireFox: ======== FF ProfilePath: C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default FF user.js: detected! => C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\user.js FF SearchEngineOrder.1: Amazon FF Homepage: hxxp://www.handelsblatt.com/ FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ff_de_display?ie=UTF8&tag=bds-p18-serp-de-ff-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ff_ab_OC1&query= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @autodesk.com/DWF - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\TBLap\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\searchplugins\amazon-distro.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Mein Gutscheincode - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com FF Extension: Plus-HD-5.0 - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com FF Extension: Fingerfox (SE) - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\{58c64034-c5f3-4179-85f5-81642f42b6d5} FF Extension: Foxtab Speed Dial - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab} FF Extension: Amazon Browser Apps - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\abb@amazon.com.xpi FF Extension: Youtube Downloader - Media Downloader - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\paulsaintuzb@gmail.com.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files 
(x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] () R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-03-16] (Bdrive Inc.) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 RemoteEngineService; C:\Program Files (x86)\VuuPC\remoteengine.exe [2967568 2013-12-27] (ClickMeIn Limited) R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [323952 2012-03-08] (Sierra Wireless, Inc.) R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe [152944 2012-01-13] (Sierra Wireless, Inc.) 
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-15] () R2 VuuPCConnectivity; C:\Program Files (x86)\VuuPC\Connectivity.exe [4747280 2013-12-27] (ClickMeIn Limited) R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [342984 2011-03-09] () R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated) R3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated) R3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. 
(PCAUSA)) S3 SWUMX20; No ImagePath S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-03 15:21 - 2014-01-03 15:21 - 00022030 _____ C:\Users\TBLap\Downloads\FRST.txt 2014-01-03 15:21 - 2014-01-03 15:21 - 00001087 _____ C:\Users\TBLap\Desktop\MyPC Backup.lnk 2014-01-03 15:21 - 2014-01-03 15:21 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2014-01-03 15:21 - 2014-01-03 15:21 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+ 2014-01-03 15:21 - 2014-01-03 15:21 - 00000000 ____D C:\FRST 2014-01-03 15:19 - 2014-01-03 15:21 - 01931750 _____ (Farbar) C:\Users\TBLap\Downloads\FRST64.exe 2014-01-03 15:19 - 2014-01-03 15:19 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\0C1I1L1R1J0M1P0I1G 2014-01-03 15:18 - 2014-01-03 15:18 - 00003118 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2014-01-03 15:18 - 2014-01-03 15:18 - 00001201 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk 2014-01-03 15:18 - 2014-01-03 15:18 - 00000000 ____D C:\ProgramData\Systweak 2014-01-03 15:18 - 2014-01-03 15:18 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2014-01-03 15:18 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe 2014-01-03 15:17 - 2014-01-03 15:18 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Systweak 2014-01-03 15:17 - 2014-01-03 15:18 - 00000000 ____D C:\Users\TBLap\AppData\Local\Mobogenie 2014-01-03 15:17 - 2014-01-03 15:17 - 00003320 _____ C:\Windows\System32\Tasks\Advanced System Protector 2014-01-03 15:17 - 2014-01-03 15:17 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2014-01-03 15:17 - 2014-01-03 15:17 - 00003026 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2014-01-03 15:17 - 2014-01-03 15:17 - 00002870 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT 2014-01-03 15:17 - 2014-01-03 15:17 - 00001107 _____ 
C:\Users\TBLap\Desktop\Continue AnyProtect Installation.lnk 2014-01-03 15:17 - 2014-01-03 15:17 - 00001050 _____ C:\Users\Public\Desktop\RegClean Pro.lnk 2014-01-03 15:17 - 2014-01-03 15:17 - 00000284 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2014-01-03 15:17 - 2014-01-03 15:17 - 00000276 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\Documents\Mobogenie 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\newnext.me 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Local\genienext 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Local\cache 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\.android 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 _____ C:\Users\TBLap\daemonprocess.txt 2014-01-03 15:17 - 2013-11-22 15:42 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2014-01-03 15:16 - 2014-01-03 15:18 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2014-01-03 15:16 - 2014-01-03 15:17 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2014-01-03 15:16 - 2014-01-03 15:16 - 00004358 _____ C:\Windows\System32\Tasks\Plus-HD-5.0-updater 2014-01-03 15:16 - 2014-01-03 15:16 - 00004260 _____ C:\Windows\System32\Tasks\Plus-HD-5.0-codedownloader 2014-01-03 15:16 - 2014-01-03 15:16 - 00004160 _____ C:\Windows\System32\Tasks\Plus-HD-5.0-enabler 2014-01-03 15:16 - 2014-01-03 15:16 - 00002104 _____ C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job 2014-01-03 15:16 - 2014-01-03 15:16 - 00001972 _____ C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job 2014-01-03 15:16 - 2014-01-03 15:16 - 00001328 _____ C:\Windows\Tasks\Plus-HD-5.0-updater.job 2014-01-03 15:16 - 2014-01-03 15:16 - 00001230 _____ C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job 2014-01-03 15:16 - 2014-01-03 15:16 - 00001130 _____ C:\Windows\Tasks\Plus-HD-5.0-enabler.job 2014-01-03 15:16 - 2014-01-03 
15:16 - 00001019 _____ C:\Users\TBLap\Desktop\Mobogenie.lnk 2014-01-03 15:16 - 2014-01-03 15:16 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie 2014-01-03 15:16 - 2014-01-03 15:16 - 00000000 ____D C:\Program Files (x86)\Plus-HD-5.0 2014-01-03 15:14 - 2014-01-03 15:16 - 00000000 ____D C:\Program Files (x86)\VuuPC 2014-01-03 15:14 - 2014-01-03 15:14 - 00003304 _____ C:\Windows\System32\Tasks\VuuPCUpdate 2014-01-03 15:14 - 2014-01-03 15:14 - 00003228 _____ C:\Windows\System32\Tasks\FoxTab 2014-01-03 15:14 - 2014-01-03 15:14 - 00003118 _____ C:\Windows\System32\Tasks\VuuPCUpdateLogin 2014-01-03 15:14 - 2014-01-03 15:14 - 00001144 _____ C:\Users\TBLap\Desktop\My VuuPC.lnk 2014-01-03 15:14 - 2014-01-03 15:14 - 00000288 _____ C:\Windows\Tasks\FoxTab.job 2014-01-03 15:14 - 2014-01-03 15:14 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC 2014-01-03 15:14 - 2014-01-03 15:14 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\FoxTab 2014-01-03 15:13 - 2014-01-03 15:13 - 00000000 ____D C:\Program Files (x86)\Foxtab 2014-01-03 15:12 - 2014-01-03 15:12 - 00576544 _____ C:\Users\TBLap\Downloads\Setup.exe 2014-01-03 10:47 - 2014-01-03 10:47 - 02209056 _____ C:\Users\TBLap\Downloads\avira-eu-cleaner_de.exe 2014-01-03 10:47 - 2014-01-03 10:47 - 00002025 _____ C:\Users\TBLap\Desktop\Entfernen des Avira EU-Cleaners.lnk 2014-01-03 10:47 - 2014-01-03 10:47 - 00001969 _____ C:\Users\TBLap\Desktop\Avira EU-Cleaner.lnk 2014-01-03 09:42 - 2014-01-03 09:45 - 25647320 _____ (Microsoft Corporation) C:\Users\TBLap\Downloads\Windows-KB890830-x64-V5.7.exe 2014-01-03 08:31 - 2014-01-03 08:31 - 00003130 _____ C:\Windows\System32\Tasks\{2A462003-E8A4-4748-84FD-6CF0C2309A6F} 2014-01-03 08:23 - 2014-01-03 08:23 - 01988724 _____ (Igor Pavlov) C:\Users\TBLap\Downloads\OXConnector.exe 2014-01-03 02:51 - 2014-01-03 02:51 - 01731712 _____ C:\Windows\Minidump\010314-14352-01.dmp 2014-01-02 15:57 - 2014-01-02 15:57 - 
01783632 _____ C:\Windows\Minidump\010214-16333-01.dmp
2013-12-31 11:25 - 2013-12-31 11:47 - 00000000 ____D C:\Users\TBLap\.freemind
2013-12-31 11:24 - 2013-12-31 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-31 11:24 - 2013-12-31 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-31 11:24 - 2013-12-31 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-31 11:24 - 2013-12-31 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Sun
2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-31 11:20 - 2013-12-31 11:20 - 00915368 _____ (Oracle Corporation) C:\Users\TBLap\Downloads\jxpiinstall.exe
2013-12-31 11:20 - 2013-12-31 11:20 - 00000000 ____D C:\Program Files (x86)\FreeMind
2013-12-31 11:12 - 2013-12-31 11:15 - 37618815 _____ ( ) C:\Users\TBLap\Downloads\FreeMind-Windows-Installer-1.0.0-max.exe
2013-12-23 10:26 - 2013-12-23 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-14 14:28 - 2013-12-14 14:28 - 00000000 ____D C:\Program Files (x86)\Open-Xchange
2013-12-14 03:01 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 03:01 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 03:01 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 03:01 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 03:01 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 03:01 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 03:01 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 03:01 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 03:01 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 03:01 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 03:01 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 03:01 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 03:01 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 03:01 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 03:01 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 03:01 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 03:01 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 03:00 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 03:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 03:00 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 03:00 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 03:00 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 03:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 03:00 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 03:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 03:00 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 03:00 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 03:00 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 03:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 03:00 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 03:00 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 03:00 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 03:00 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 03:00 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 03:00 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-13 09:33 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-13 09:33 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-13 09:33 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-13 09:33 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-13 09:33 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-13 09:33 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-13 09:33 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-13 09:33 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-13 09:33 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-13 09:33 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-13 09:33 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-13 09:32 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-13 09:32 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-13 09:32 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-13 09:32 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-13 09:32 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-13 09:32 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-13 09:32 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-13 09:32 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-05 00:34 - 2013-12-27 08:15 - 00000000 ____D C:\Users\TBLap\AppData\Local\CrashDumps

==================== One Month Modified Files and Folders =======

2014-01-03 15:21 - 2014-01-03 15:21 - 00022030 _____ C:\Users\TBLap\Downloads\FRST.txt
2014-01-03 15:21 - 2014-01-03 15:21 - 00001087 _____ C:\Users\TBLap\Desktop\MyPC Backup.lnk
2014-01-03 15:21 - 2014-01-03 15:21 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-01-03 15:21 - 2014-01-03 15:21 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+
2014-01-03 15:21 - 2014-01-03 15:21 - 00000000 ____D C:\FRST
2014-01-03 15:21 - 2014-01-03 15:19 - 01931750 _____ (Farbar) C:\Users\TBLap\Downloads\FRST64.exe
2014-01-03 15:21 - 2012-11-06 19:36 - 00000000 ___RD C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-03 15:19 - 2014-01-03 15:19 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2014-01-03 15:18 - 2014-01-03 15:18 - 00003118 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-01-03 15:18 - 2014-01-03 15:18 - 00001201 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-01-03 15:18 - 2014-01-03 15:18 - 00000000 ____D C:\ProgramData\Systweak
2014-01-03 15:18 - 2014-01-03 15:18 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2014-01-03 15:18 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Systweak
2014-01-03 15:18 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Local\Mobogenie
2014-01-03 15:18 - 2014-01-03 15:16 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2014-01-03 15:17 - 2014-01-03 15:17 - 00003320 _____ C:\Windows\System32\Tasks\Advanced System Protector
2014-01-03 15:17 - 2014-01-03 15:17 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2014-01-03 15:17 - 2014-01-03 15:17 - 00003026 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-01-03 15:17 - 2014-01-03 15:17 - 00002870 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-01-03 15:17 - 2014-01-03 15:17 - 00001107 _____ C:\Users\TBLap\Desktop\Continue AnyProtect Installation.lnk
2014-01-03 15:17 - 2014-01-03 15:17 - 00001050 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2014-01-03 15:17 - 2014-01-03 15:17 - 00000284 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-01-03 15:17 - 2014-01-03 15:17 - 00000276 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\Documents\Mobogenie
2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\newnext.me
2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Local\genienext
2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Local\cache
2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\.android
2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 _____ C:\Users\TBLap\daemonprocess.txt
2014-01-03 15:17 - 2014-01-03 15:16 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2014-01-03 15:17 - 2012-11-06 19:36 - 00000000 ____D C:\Users\TBLap
2014-01-03 15:16 - 2014-01-03 15:16 - 00004358 _____ C:\Windows\System32\Tasks\Plus-HD-5.0-updater
2014-01-03 15:16 - 2014-01-03 15:16 - 00004260 _____ C:\Windows\System32\Tasks\Plus-HD-5.0-codedownloader
2014-01-03 15:16 - 2014-01-03 15:16 - 00004160 _____ C:\Windows\System32\Tasks\Plus-HD-5.0-enabler
2014-01-03 15:16 - 2014-01-03 15:16 - 00002104 _____ C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job
2014-01-03 15:16 - 2014-01-03 15:16 - 00001972 _____ C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job
2014-01-03 15:16 - 2014-01-03 15:16 - 00001328 _____ C:\Windows\Tasks\Plus-HD-5.0-updater.job
2014-01-03 15:16 - 2014-01-03 15:16 - 00001230 _____ C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job
2014-01-03 15:16 - 2014-01-03 15:16 - 00001130 _____ C:\Windows\Tasks\Plus-HD-5.0-enabler.job
2014-01-03 15:16 - 2014-01-03 15:16 - 00001019 _____ C:\Users\TBLap\Desktop\Mobogenie.lnk
2014-01-03 15:16 - 2014-01-03 15:16 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-03 15:16 - 2014-01-03 15:16 - 00000000 ____D C:\Program Files (x86)\Plus-HD-5.0
2014-01-03 15:16 - 2014-01-03 15:14 - 00000000 ____D C:\Program Files (x86)\VuuPC
2014-01-03 15:14 - 2014-01-03 15:14 - 00003304 _____ C:\Windows\System32\Tasks\VuuPCUpdate
2014-01-03 15:14 - 2014-01-03 15:14 - 00003228 _____ C:\Windows\System32\Tasks\FoxTab
2014-01-03 15:14 - 2014-01-03 15:14 - 00003118 _____ C:\Windows\System32\Tasks\VuuPCUpdateLogin
2014-01-03 15:14 - 2014-01-03 15:14 - 00001144 _____ C:\Users\TBLap\Desktop\My VuuPC.lnk
2014-01-03 15:14 - 2014-01-03 15:14 - 00000288 _____ C:\Windows\Tasks\FoxTab.job
2014-01-03 15:14 - 2014-01-03 15:14 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC
2014-01-03 15:14 - 2014-01-03 15:14 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\FoxTab
2014-01-03 15:13 - 2014-01-03 15:13 - 00000000 ____D C:\Program Files (x86)\Foxtab
2014-01-03 15:12 - 2014-01-03 15:12 - 00576544 _____ C:\Users\TBLap\Downloads\Setup.exe
2014-01-03 15:08 - 2009-07-14 05:45 - 00022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 15:08 - 2009-07-14 05:45 - 00022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 15:07 - 2012-11-07 12:16 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 15:06 - 2011-04-12 08:43 - 00700592 _____ C:\Windows\system32\perfh007.dat
2014-01-03 15:06 - 2011-04-12 08:43 - 00149356 _____ C:\Windows\system32\perfc007.dat
2014-01-03 15:06 - 2009-07-14 06:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 15:04 - 2012-11-22 14:09 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Skype
2014-01-03 15:04 - 2012-11-06 19:34 - 01212964 _____ C:\Windows\WindowsUpdate.log
2014-01-03 15:02 - 2012-11-15 10:04 - 00000000 ___RD C:\Users\TBLap\Dropbox
2014-01-03 15:02 - 2012-11-07 19:49 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Dropbox
2014-01-03 15:02 - 2012-11-07 19:34 - 00000000 ___RD C:\Users\TBLap\Google Drive
2014-01-03 15:01 - 2012-11-12 18:27 - 00211979 _____ C:\ndsvc.log
2014-01-03 15:01 - 2012-11-07 12:16 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 15:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 15:01 - 2009-07-14 05:51 - 00054232 _____ C:\Windows\setupact.log
2014-01-03 14:58 - 2013-03-23 15:06 - 00000000 ____D C:\ProgramData\BMWiSoftware
2014-01-03 14:32 - 2012-12-12 15:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 10:47 - 2014-01-03 10:47 - 02209056 _____ C:\Users\TBLap\Downloads\avira-eu-cleaner_de.exe
2014-01-03 10:47 - 2014-01-03 10:47 - 00002025 _____ C:\Users\TBLap\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-03 10:47 - 2014-01-03 10:47 - 00001969 _____ C:\Users\TBLap\Desktop\Avira EU-Cleaner.lnk
2014-01-03 09:45 - 2014-01-03 09:42 - 25647320 _____ (Microsoft Corporation) C:\Users\TBLap\Downloads\Windows-KB890830-x64-V5.7.exe
2014-01-03 08:31 - 2014-01-03 08:31 - 00003130 _____ C:\Windows\System32\Tasks\{2A462003-E8A4-4748-84FD-6CF0C2309A6F}
2014-01-03 08:23 - 2014-01-03 08:23 - 01988724 _____ (Igor Pavlov) C:\Users\TBLap\Downloads\OXConnector.exe
2014-01-03 08:15 - 2013-08-08 10:50 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\vlc
2014-01-03 07:48 - 2012-11-07 00:16 - 00000000 ____D C:\Users\TBLap\AppData\Local\OXSTORE2
2014-01-03 02:51 - 2014-01-03 02:51 - 01731712 _____ C:\Windows\Minidump\010314-14352-01.dmp
2014-01-03 02:51 - 2013-03-28 16:53 - 523513159 _____ C:\Windows\MEMORY.DMP
2014-01-03 02:51 - 2013-03-28 16:53 - 00000000 ____D C:\Windows\Minidump
2014-01-02 23:11 - 2012-11-30 09:10 - 00000000 ____D C:\Program Files (x86)\LingoPad
2014-01-02 15:58 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-02 15:57 - 2014-01-02 15:57 - 01783632 _____ C:\Windows\Minidump\010214-16333-01.dmp
2014-01-02 15:57 - 2012-11-07 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-02 06:31 - 2013-02-14 12:20 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-12-31 11:47 - 2013-12-31 11:25 - 00000000 ____D C:\Users\TBLap\.freemind
2013-12-31 11:24 - 2013-12-31 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-31 11:24 - 2013-12-31 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-31 11:24 - 2013-12-31 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-31 11:24 - 2013-12-31 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Sun
2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-31 11:20 - 2013-12-31 11:20 - 00915368 _____ (Oracle Corporation) C:\Users\TBLap\Downloads\jxpiinstall.exe
2013-12-31 11:20 - 2013-12-31 11:20 - 00000000 ____D C:\Program Files (x86)\FreeMind
2013-12-31 11:15 - 2013-12-31 11:12 - 37618815 _____ ( ) C:\Users\TBLap\Downloads\FreeMind-Windows-Installer-1.0.0-max.exe
2013-12-27 08:15 - 2013-12-05 00:34 - 00000000 ____D C:\Users\TBLap\AppData\Local\CrashDumps
2013-12-26 20:51 - 2013-01-31 19:46 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-12-23 10:26 - 2013-12-23 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-15 03:01 - 2013-08-02 10:23 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 14:28 - 2013-12-14 14:28 - 00000000 ____D C:\Program Files (x86)\Open-Xchange
2013-12-14 14:28 - 2012-11-07 00:15 - 00000020 _____ C:\Windows\oxstor32.ini
2013-12-14 14:18 - 2012-11-22 14:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-14 14:18 - 2012-11-22 14:08 - 00000000 ____D C:\ProgramData\Skype
2013-12-14 03:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 03:18 - 2009-07-14 05:45 - 00432480 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 03:01 - 2012-11-06 23:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 12:20 - 2013-08-27 14:52 - 00000000 ____D C:\Users\TBLap\AppData\Local\Windows Live
2013-12-13 10:33 - 2012-12-12 15:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 10:33 - 2012-11-13 15:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 10:33 - 2012-11-13 15:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2476.dll

Some content of TEMP:
====================
C:\Users\TBLap\AppData\Local\Temp\AcDeltree.exe
C:\Users\TBLap\AppData\Local\Temp\BackupSetup.exe
C:\Users\TBLap\AppData\Local\Temp\bdfilters.dll
C:\Users\TBLap\AppData\Local\Temp\DE_de_Avery_AW40.exe
C:\Users\TBLap\AppData\Local\Temp\GLF289A.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF29E3.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF2B59.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF2D3D.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF3DEE.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF3E4C.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF3F46.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF409E.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF5C47.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF5D8F.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF5E5B.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF5F83.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF605D.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF61F3.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF63B6.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF6637.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF6913.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF6A2C.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF6B65.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF6B74.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF737F.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF74F5.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF7592.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF76F9.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF8164.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF8413.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF91B8.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF9487.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF9A32.EXE
C:\Users\TBLap\AppData\Local\Temp\GLF9C55.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFB2B.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFB455.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFB6A7.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFC688.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFC89C.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFDBC.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFDEFD.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFE0F1.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFE9C7.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFEBAB.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFED30.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFEE78.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFEFDF.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFF127.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFF3CF.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFF602.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFF79C.EXE
C:\Users\TBLap\AppData\Local\Temp\GLFFA0D.EXE
C:\Users\TBLap\AppData\Local\Temp\GPUTemp.exe
C:\Users\TBLap\AppData\Local\Temp\ICReinstall_nsl264C.tmp.exe
C:\Users\TBLap\AppData\Local\Temp\klv0o08d.dll
C:\Users\TBLap\AppData\Local\Temp\MSETUP4.EXE
C:\Users\TBLap\AppData\Local\Temp\OpenCL.dll
C:\Users\TBLap\AppData\Local\Temp\ose00000.exe
C:\Users\TBLap\AppData\Local\Temp\prefetch.exe
C:\Users\TBLap\AppData\Local\Temp\Setup1.exe
C:\Users\TBLap\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TBLap\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-30 11:34

==================== End Of Log ============================

FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2014
Ran by TBLap at 2014-01-03 15:22:57
Running from C:\Users\TBLap\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x32 Version: - )
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Advanced System Protector (x32 Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (x32 Version: - Akamai Technologies, Inc)
Amazon Browser Bar (Version: 3.0.2012.0802 - Amazon)
Amazon Browser Settings (Version: 3.0.2012.0507 - Amazon)
AuthenTec TrueSuite (Version: 5.2.0.675 - AuthenTec, Inc.)
AuthenTec WinBio FingerPrint Software (Version: 3.2.1.1030 - AuthenTec, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Design Review Browser Add-on v1.2 (x32 Version: 1.2.0 - Autodesk)
Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery)
AVM FRITZ!Box Dokumentation (x32 Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (x32 Version: - AVM Berlin)
Bandicam (x32 Version: 1.9.0.397 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (x32 Version: - Bandisoft.com)
BMWi Updater (x32 Version: 1.0 - A2C Software AG, Aachen)
BMWi Updater (x32 Version: 1.0 - A2C Software AG, Aachen) Hidden
BMWi-Businessplaner Fuehren (x32 Version: 1.0.1 - UNKNOWN)
BMWi-Businessplaner Fuehren (x32 Version: 1.0.1 - UNKNOWN) Hidden
BMWi-Businessplaner Gründung (x32 Version: 1.0.1 - UNKNOWN)
BMWi-Businessplaner Gründung (x32 Version: 1.0.1 - UNKNOWN) Hidden
BMWi-Controlling (x32 Version: - A2C Software AG, Technologiezentrum am Europaplatz, 52068 Aachen)
BMWi-Softwarepaket 10 - Controlling (x32 Version: 10.0 - A2C Software AG)
BMWi-Softwarepaket 10 - Controlling (x32 Version: 10.0 - A2C Software AG, Aachen) Hidden
BMWi-Softwarepaket 10 - Kosten-und Leistungsrechnung (x32 Version: 10.0 - A2C Software AG)
BMWi-Softwarepaket 10 - Kosten-und Leistungsrechnung (x32 Version: 10.0 - A2C Software AG, Aachen) Hidden
BMWi-Strategieplaner (x32 Version: 1.0.0 - <no manufacturer>)
Camtasia Studio 8 (x32 Version: 8.1.2.1344 - TechSmith Corporation)
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon IJ Network Scanner Selector EX (x32 Version: - )
Canon IJ Network Tool (x32 Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32 Version: - )
Canon iP4200 (Version: - )
Canon iX6500 series Benutzerregistrierung (x32 Version: - )
Canon iX6500 series Printer Driver (Version: - )
Canon MP Navigator EX 5.1 (x32 Version: - )
Canon MX890 series Benutzerregistrierung (x32 Version: - )
Canon MX890 series MP Drivers (Version: - )
Canon My Printer (x32 Version: 3.0.0 - Canon Inc.)
Canon Solution Menu EX (x32 Version: - )
CDBurnerXP (x32 Version: 4.5.0.3717 - CDBurnerXP)
Citrix Online Launcher (x32 Version: 1.0.122 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409 - Evernote Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxtab (x32 Version: - FoxTab) <==== ATTENTION
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1 - www.hellopdf.com)
Free YouTube Download version 3.2.0.128 (x32 Version: 3.2.0.128 - DVDVideoSoft Ltd.)
FreeMind (x32 Version: 1.0.0 - )
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172 - CitrixOnline)
GPU Monitor (x32 Version: 11.041.44 - GPU Usage) <==== ATTENTION
HW Gobi 3000 Driver 1.08.00.00 (x32 Version: 1.08.00.00 - Huawei technologies Co., Ltd.)
IcoFX 1.6.4 (x32 Version: - )
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.0.0.0083 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.00.0000.0708 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kostenleistungsrechnung (x32 Version: - A2C Software AG, Technologiezentrum am Europaplatz, 52068 Aachen)
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
LingoPad 2.6 (Build 360) (x32 Version: 2.6 - Lingo4you)
Mein Gutscheincode (x32 Version: 1.28.153.1 - Mein Gutscheincode GmbH)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Minicontrol 3.1.6 (x32 Version: 3.1.6 - LucaNet AG)
Miniplan 3.1.5 (x32 Version: 3.1.5 - LucaNet AG)
Mobogenie (x32 Version: - Mobogenie.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPC Backup (Version: - MyPC Backup) <==== ATTENTION
NetDrive (x32 Version: 1.3.2.0 - Bdrive Inc.)
NVIDIA Grafiktreiber 306.97 (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.1111 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.1111 (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OneClick Internet (x32 Version: 3.0 - OneClick Internet)
Open-Xchange Updater (x32 Version: 6.18.23 - Open-Xchange Inc.)
OXtender 2 for Microsoft Outlook (x32 Version: 7.2.3 - Open-Xchange AG)
PDFCreator (x32 Version: 1.7.1 - pdfforge)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (x32 Version: 1.8.0 - Prolific Technology INC)
Plus-HD-5.0 (x32 Version: 1.31.153.3 - Plus HD) <==== ATTENTION
PSD Viewer (x32 Version: - IdeaMK)
Qualcomm Atheros WiFi Driver Installation (x32 Version: 9.2 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
RegClean Pro (x32 Version: 6.21 - Systweak Inc) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Sierra Wireless AirCard Watcher (x32 Version: 6.0.3411.7504 - Sierra Wireless Inc.)
Sierra Wireless QMI Driver Package (x32 Version: 1.0.34.0 - Sierra Wireless Inc.)
SketchUp 2013 (x32 Version: 13.0.4124 - Trimble Navigation Limited)
Skype Click to Call (x32 Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Snapshot Viewer 9.0 (x32 Version: - )
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
VAIO Control Center (x32 Version: 5.2.2.16060 - Sony Corporation)
VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VuuPC Packages (HKCU Version: - )
VuuPC, You're Always a Click Away! (x32 Version: 1.0.0.264 - VuuPC Limited)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Restore Points =========================

13-12-2013 08:34:30 Windows Update
14-12-2013 02:00:11 Windows Update
15-12-2013 02:00:10 Windows Update
18-12-2013 07:28:28 Windows Update
19-12-2013 03:48:35 Windows-Sicherung
23-12-2013 08:27:18 Windows Update
26-12-2013 20:02:41 Windows Update
30-12-2013 10:38:07 Windows Update
31-12-2013 10:24:12 Installed Java 7 Update 45
02-01-2014 17:29:11 Windows Update
03-01-2014 11:21:20 Avira EU-Cleaner - 03.01.2014 12:21

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0997B786-4B48-44C2-AABD-0BAD89C6E7D2} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {0CD91BF4-F28E-425A-B9B2-771D043A502F} - System32\Tasks\VuuPCUpdateLogin => C:\Program Files (x86)\VuuPC\VuuPCUpdater.exe [2013-12-27] (VuuPC Limited)
Task: {1F180059-8029-4C95-8EDD-575F137ABF27} - System32\Tasks\VuuPCUpdate => C:\Program Files (x86)\VuuPC\VuuPCUpdater.exe [2013-12-27] (VuuPC Limited)
Task: {20FD3AFF-095F-4F85-BD50-052AB5518D19} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {22A9FE4A-B7BC-4B6B-ABE5-6A19A87CD15C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {3290A3CC-5527-45D7-8EAE-A191B5D5E4CC} - System32\Tasks\Plus-HD-5.0-chromeinstaller => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-chromeinstaller.exe [2014-01-03] (Plus HD) <==== ATTENTION
Task: {4830496C-D885-4B88-9C89-F4F8D8B93F24} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-11-22] (Systweak Inc) <==== ATTENTION
Task: {49855399-9FBE-4858-9B26-17A03F497EE7} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {49DFEC47-5EA4-4772-ACF9-B7AADB2DD5CB} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-11-22] (Systweak Inc) <==== ATTENTION
Task: {56F24E27-4787-468B-9D31-FF32AFF91A57} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-11-22] (Systweak Inc) <==== ATTENTION
Task: {6A1ED1DA-1092-4755-97CA-6247A2E31AD9} - System32\Tasks\FoxTab => C:\Users\TBLap\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {7D42B1A4-C1F8-4FC5-BA26-477820210B80} - System32\Tasks\RunAsStdUser Task => C:\Program Files\NetDrive\netdrive.exe [2013-03-16] (Bdrive Inc.)
Task: {8BC30516-1359-4307-A851-C8335833129A} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-12-23] (Systweak) <==== ATTENTION Task: {94AC859F-44A2-4239-8454-626061D5D012} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.) Task: {A6692E94-8828-436D-8801-E19E4815434A} - System32\Tasks\Plus-HD-5.0-enabler => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-enabler.exe [2014-01-03] (Plus HD) <==== ATTENTION Task: {B0320D35-0646-4E4D-98F9-955C04988AB9} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation) Task: {CCD08240-6F90-4FA1-B05A-0BC33FC2F696} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net Task: {D03E2C96-D485-462E-A18B-EEAA9919DC65} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\systweakasp.exe [2013-08-23] (Systweak Inc ) <==== ATTENTION Task: {D585FB84-BE41-4316-A05F-01A4701105A9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {DC8BA8A5-077E-453D-A9A7-7608F7C5246F} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation) Task: {E5D4C33D-D1A9-4EC8-AC3F-0626F025019B} - System32\Tasks\Plus-HD-5.0-firefoxinstaller => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-firefoxinstaller.exe [2014-01-03] (Plus HD) <==== ATTENTION Task: {EAAC7634-A414-4540-9616-399A2DC03837} - System32\Tasks\Plus-HD-5.0-codedownloader => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-codedownloader.exe [2014-01-03] (Plus HD) <==== ATTENTION Task: {EF3A3232-7889-4F99-B995-ACF6C10F7F35} - System32\Tasks\Plus-HD-5.0-updater => C:\Program Files 
(x86)\Plus-HD-5.0\Plus-HD-5.0-updater.exe [2014-01-03] (Plus HD) <==== ATTENTION Task: {F8BE124E-25F0-4348-B36E-F90CC92040E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FoxTab.job => C:\Users\TBLap\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-5.0-enabler.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-5.0-updater.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-updater.exe <==== ATTENTION Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-02-20 04:57 - 2012-02-20 04:57 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll 2012-02-20 04:57 - 2012-02-20 04:57 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll 2012-10-10 02:22 - 2012-10-10 02:22 - 00094208 _____ () 
C:\Windows\System32\IccLibDll_x64.dll 2011-03-22 09:08 - 2011-03-22 09:08 - 00161280 _____ () C:\Program Files\NetDrive\libexpat.dll 2007-11-11 09:58 - 2007-11-11 09:58 - 00180736 _____ () C:\Program Files\NetDrive\libmcrypt.dll 2012-11-06 23:45 - 2012-04-06 14:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll 2013-09-06 09:08 - 2013-09-06 09:08 - 00008192 _____ () C:\Users\TBLap\AppData\Local\Open-Xchange\OXUpdater\OXNet.dll 2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\TBLap\AppData\Roaming\Dropbox\bin\libcef.dll 2011-11-03 17:39 - 2011-11-03 17:39 - 00251248 _____ () C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll 2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2014-01-03 15:01 - 2014-01-03 15:01 - 00098816 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32api.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00110080 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\pywintypes27.dll 2014-01-03 15:01 - 2014-01-03 15:01 - 00364544 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\pythoncom27.dll 2014-01-03 15:01 - 2014-01-03 15:01 - 00044032 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\_socket.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 01153024 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\_ssl.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00320512 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32com.shell.shell.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00711680 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\_hashlib.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 01175040 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\wx._core_.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00805888 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\wx._gdi_.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00811008 
_____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\wx._windows_.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 01062400 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\wx._controls_.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00735232 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\wx._misc_.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00128512 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\_elementtree.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00127488 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\pyexpat.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00557056 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\pysqlite2._sqlite.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00087040 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\_ctypes.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00119808 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32file.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00108544 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32security.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00018432 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32event.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00038912 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32inet.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00122368 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\wx._wizard.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00026624 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\_multiprocessing.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00070656 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\wx._html2.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00010240 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\select.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00686080 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\unicodedata.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00025600 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32pdh.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00521680 _____ () 
C:\Users\TBLap\AppData\Local\Temp\_MEI47722\windows._lib_cacheinvalidation.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00011264 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32crypt.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00024064 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32pipe.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00035840 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32process.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00017408 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32profile.pyd 2014-01-03 15:01 - 2014-01-03 15:01 - 00022528 _____ () C:\Users\TBLap\AppData\Local\Temp\_MEI47722\win32ts.pyd 2013-12-23 10:26 - 2013-12-23 10:26 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-12-13 10:32 - 2013-12-13 10:33 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\TBLap\Desktop\1.jpg:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/03/2014 03:01:48 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 02:59:07 PM) (Source: Application Hang) (User: ) Description: Programm KostenLeistungsRechnung.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 11b0 Startzeit: 01cf088bdb103d97 Endzeit: 12 Anwendungspfad: C:\ProgramData\BMWiSoftware\KostenLeistungsRechnung\KostenLeistungsRechnung.exe Berichts-ID: 32e14630-747f-11e3-986b-00a0c6000000 Error: (01/03/2014 08:31:13 AM) (Source: MsiInstaller) (User: TBLap-PC) Description: Produkt: Open-Xchange Updater -- Fehler 1316. Beim Lesen der Datei ist ein Netzwerkfehler aufgetreten: C:\Users\TBLap\AppData\Local\Temp\7zSF0F3.tmp\OXUpdater_de_DE.msi Error: (01/03/2014 08:30:19 AM) (Source: MsiInstaller) (User: TBLap-PC) Description: Produkt: Open-Xchange Updater -- Fehler 1316. Beim Lesen der Datei ist ein Netzwerkfehler aufgetreten: C:\Users\TBLap\AppData\Local\Temp\7zSFA9.tmp\OXUpdater_de_DE.msi Error: (01/03/2014 07:46:37 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 07:43:39 AM) (Source: Microsoft Office 14) (User: ) Description: Microsoft Outlook: Accepted Safe Mode action : Outlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein. Möchten Sie Outlook im abgesicherten Modus starten?. Accepted Safe Mode action : Microsoft Outlook. 
Error: (01/03/2014 07:37:21 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7109.5000, Zeitstempel: 0x522a3402 Name des fehlerhaften Moduls: olmapi32.dll, Version: 14.0.7109.5000, Zeitstempel: 0x522a335e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010f3e ID des fehlerhaften Prozesses: 0x1b04 Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 Error: (01/03/2014 02:51:24 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 01:20:14 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (01/03/2014 01:20:14 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
System errors: ============= Error: (01/03/2014 03:04:18 PM) (Source: DCOM) (User: ) Description: {CC957078-B838-47C4-A7CF-626E7A82FC58} Error: (01/03/2014 03:03:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (01/03/2014 03:03:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (01/03/2014 09:07:49 AM) (Source: Microsoft-Windows-HAL) (User: ) Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. Error: (01/03/2014 07:48:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (01/03/2014 07:48:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (01/03/2014 07:37:18 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Akamai erreicht. Error: (01/03/2014 03:21:29 AM) (Source: Microsoft-Windows-HAL) (User: ) Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. 
Error: (01/03/2014 02:53:25 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (01/03/2014 02:53:25 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (01/03/2014 03:01:48 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 02:59:07 PM) (Source: Application Hang)(User: ) Description: KostenLeistungsRechnung.exe1.0.0.011b001cf088bdb103d9712C:\ProgramData\BMWiSoftware\KostenLeistungsRechnung\KostenLeistungsRechnung.exe32e14630-747f-11e3-986b-00a0c6000000 Error: (01/03/2014 08:31:13 AM) (Source: MsiInstaller)(User: TBLap-PC) Description: Produkt: Open-Xchange Updater -- Fehler 1316. Beim Lesen der Datei ist ein Netzwerkfehler aufgetreten: C:\Users\TBLap\AppData\Local\Temp\7zSF0F3.tmp\OXUpdater_de_DE.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/03/2014 08:30:19 AM) (Source: MsiInstaller)(User: TBLap-PC) Description: Produkt: Open-Xchange Updater -- Fehler 1316. 
Beim Lesen der Datei ist ein Netzwerkfehler aufgetreten: C:\Users\TBLap\AppData\Local\Temp\7zSFA9.tmp\OXUpdater_de_DE.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/03/2014 07:46:37 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 07:43:39 AM) (Source: Microsoft Office 14)(User: ) Description: Microsoft OutlookOutlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein. Möchten Sie Outlook im abgesicherten Modus starten? Error: (01/03/2014 07:37:21 AM) (Source: Application Error)(User: ) Description: OUTLOOK.EXE14.0.7109.5000522a3402olmapi32.dll14.0.7109.5000522a335ec000000500010f3e1b0401cf084e39a63c01C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office14\olmapi32.dll7ef376e1-7441-11e3-8d90-00a0c6000000 Error: (01/03/2014 02:51:24 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 01:20:14 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*C:\Program Files (x86)\BMWi\BMWi Updater\BMWiUpdater\DelZip179.dllC:\Program Files (x86)\BMWi\BMWi Updater\BMWiUpdater\DelZip179.dll8 Error: (01/03/2014 01:20:14 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*C:\Program Files (x86)\BMWi\BMWi Updater\DelZip179.dllC:\Program Files (x86)\BMWi\BMWi Updater\DelZip179.dll8 ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 8091.28 MB Available physical RAM: 5298.51 MB Total Pagefile: 
16180.73 MB Available Pagefile: 13351.55 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.26 GB) (Free:128.74 GB) NTFS Drive e: () (Fixed) (Total:465.76 GB) (Free:437.11 GB) NTFS Drive f: () (Removable) (Total:2 GB) (Free:2 GB) FAT Drive g: () (Network) (Total:238.26 GB) (Free:128.74 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238 GB) (Disk ID: 6A01A675) Partition: GPT Partition Type ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 09C9899A) Partition 1: (Not Active) - (Size=466 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
04.01.2014, 15:29 | #4 | |
/// the machine /// TB-Ausbilder | ComboFix should only be run when a team member has instructed you to do so! Please download ComboFix from the following download mirror: Link 1 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
06.01.2014, 11:16 | #5 |
| ComboFix log file: Code:
ATTFilter ComboFix 14-01-04.03 - TBLap 06.01.2014 11:03:14.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8091.5763 [GMT 1:00] ausgeführt von:: c:\users\TBLap\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\autorun.inf c:\program files (x86)\Setup.exe c:\programdata\Roaming c:\users\Public\AlexaNSISPlugin.2476.dll c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{18855B5B-8227-4033-9E20-42B3D9959201}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5F81F087-BB8B-40EF-AE3C-7E7A62D2FBA3}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7209041D-1FAC-4025-9D76-D976BC953D12}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8619355E-BEDA-4607-A2E7-E14F80539FC7}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D5043E1-E414-490B-BD7D-9B85D3538E13}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BA76C6CD-FF4D-4509-A393-2DA0CF9A51D8}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C74131F7-0F0F-4AA2-A41A-4664CB619C81}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA70EF5D-1C9D-4A1E-A3B0-CDDA02235441}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DC7C2D81-69AB-4BB5-AC12-DA0B04212BC2}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EEDD0AC2-D939-4C80-935E-6FA2BF312568}.xps c:\users\TBLap\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F54AB03B-7FFD-430D-A09F-B05628B7AB2A}.xps 
c:\users\TBLap\AppData\Local\Temp\_MEI47722\_ctypes.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\_elementtree.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\_hashlib.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\_multiprocessing.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\_socket.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\_ssl.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\pyexpat.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\pysqlite2._sqlite.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\python27.dll c:\users\TBLap\AppData\Local\Temp\_MEI47722\pythoncom27.dll c:\users\TBLap\AppData\Local\Temp\_MEI47722\PyWinTypes27.dll c:\users\TBLap\AppData\Local\Temp\_MEI47722\select.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\unicodedata.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32api.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32com.shell.shell.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32crypt.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32event.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32file.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32inet.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32pdh.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32pipe.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32process.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32profile.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32security.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\win32ts.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\windows._lib_cacheinvalidation.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\wx._controls_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\wx._core_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\wx._gdi_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\wx._html2.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\wx._misc_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\wx._windows_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI47722\wx._wizard.pyd 
c:\users\TBLap\AppData\Local\Temp\_MEI47722\wxbase294u_net_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI47722\wxbase294u_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI47722\wxmsw294u_adv_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI47722\wxmsw294u_core_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI47722\wxmsw294u_html_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI47722\wxmsw294u_webview_vc90.dll c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com\chrome.manifest c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com\chrome\content\api.js c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com\chrome\content\api\asyncDB.js c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com\chrome\content\api\background.js c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com\chrome\content\api\browserAction.js c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com\chrome\content\api\contextMenu.js c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com\chrome\content\api\dbManager.js 
c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\skin\update.css . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-06 bis 2014-01-06 )))))))))))))))))))))))))))))) . . 2014-01-06 09:38 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19F55EC1-5A4C-474D-918C-7BB9CA6BC1B0}\mpengine.dll 2014-01-04 10:35 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-01-03 14:21 . 2014-01-06 10:08 -------- d-----w- c:\program files (x86)\MyPC Backup 2014-01-03 14:21 . 2014-01-03 14:21 -------- d-----w- c:\program files (x86)\VLC Player GPU+ 2014-01-03 14:21 . 2014-01-03 14:21 -------- d-----w- C:\FRST 2014-01-03 14:19 . 2014-01-03 14:19 -------- d-----w- c:\users\TBLap\AppData\Roaming\0C1I1L1R1J0M1P0I1G 2014-01-03 14:18 . 2014-01-03 14:18 -------- d-----w- c:\programdata\Systweak 2014-01-03 14:18 . 2014-01-03 14:18 -------- d-----w- c:\program files (x86)\Advanced System Protector 2014-01-03 14:18 . 2012-07-25 11:03 16896 ----a-w- c:\windows\system32\sasnative64.exe 2014-01-03 14:17 . 2014-01-03 14:18 -------- d-----w- c:\users\TBLap\AppData\Roaming\Systweak 2014-01-03 14:17 . 2014-01-03 14:17 -------- d-----w- c:\users\TBLap\.android 2014-01-03 14:17 . 2013-11-22 14:42 20312 ----a-w- c:\windows\system32\roboot64.exe 2014-01-03 14:17 . 2014-01-06 10:09 -------- d-----w- c:\users\TBLap\AppData\Roaming\newnext.me 2014-01-03 14:17 . 2014-01-06 09:42 -------- d-----w- c:\users\TBLap\AppData\Local\Mobogenie 2014-01-03 14:17 . 2014-01-03 15:48 -------- d-----w- c:\users\TBLap\AppData\Local\genienext 2014-01-03 14:17 . 2014-01-03 15:48 -------- d-----w- c:\users\TBLap\AppData\Local\cache 2014-01-03 14:16 . 2014-01-03 14:17 -------- d-----w- c:\program files (x86)\RegClean Pro 2014-01-03 14:16 . 
2014-01-03 14:16 -------- d-----w- c:\program files (x86)\Plus-HD-5.0 2014-01-03 14:16 . 2014-01-03 16:03 -------- d-----w- c:\program files (x86)\Mobogenie 2014-01-03 14:14 . 2014-01-06 09:29 -------- d-----w- c:\program files (x86)\VuuPC 2014-01-03 14:14 . 2014-01-03 14:14 -------- d-----w- c:\users\TBLap\AppData\Roaming\FoxTab 2014-01-03 14:13 . 2014-01-03 14:13 -------- d-----w- c:\program files (x86)\Foxtab 2013-12-31 10:25 . 2013-12-31 10:47 -------- d-----w- c:\users\TBLap\.freemind 2013-12-31 10:24 . 2013-12-31 10:24 -------- d-----w- c:\programdata\Oracle 2013-12-31 10:24 . 2013-12-31 10:24 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-12-31 10:24 . 2013-12-31 10:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-12-31 10:24 . 2013-12-31 10:24 -------- d-----w- c:\program files (x86)\Java 2013-12-31 10:20 . 2013-12-31 10:20 -------- d-----w- c:\program files (x86)\FreeMind 2013-12-14 13:28 . 2013-12-14 13:28 -------- d-----w- c:\program files (x86)\Open-Xchange 2013-12-14 02:00 . 2013-11-26 11:54 23183360 ----a-w- c:\windows\system32\mshtml.dll 2013-12-13 08:33 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll 2013-12-13 08:33 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll 2013-12-13 08:33 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-12-13 08:33 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-12-13 08:33 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-12-13 08:33 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-12-13 08:33 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-12-13 08:33 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll 2013-12-13 08:33 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-12-13 08:33 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys 2013-12-13 08:33 . 
2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys 2013-12-13 08:32 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx 2013-12-13 08:32 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll 2013-12-13 08:32 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx 2013-12-13 08:32 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll 2013-12-13 08:32 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe 2013-12-13 08:32 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe 2013-12-13 08:32 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe 2013-12-13 08:32 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe 2013-12-09 11:09 . 2013-10-18 01:13 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C04F8AD-84C4-4863-93AA-6976D0E68B71}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-13 09:33 . 2012-11-13 14:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-13 09:33 . 2012-11-13 14:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-01 13:42 . 2012-11-06 19:46 90708896 ----a-w- c:\windows\system32\MRT.exe 2013-11-27 02:00 . 2013-11-27 02:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-11-27 02:00 . 2013-11-27 02:00 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-11-27 02:00 . 2013-11-27 02:00 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-11-27 02:00 . 2013-11-27 02:00 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-11-27 02:00 . 2013-11-27 02:00 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-11-27 02:00 . 2013-11-27 02:00 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-11-27 02:00 . 2013-11-27 02:00 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-11-27 02:00 . 
2013-11-27 02:00 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-11-27 02:00 . 2013-11-27 02:00 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-11-27 02:00 . 2013-11-27 02:00 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-11-27 02:00 . 2013-11-27 02:00 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-11-27 02:00 . 2013-11-27 02:00 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-11-27 02:00 . 2013-11-27 02:00 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-11-27 02:00 . 2013-11-27 02:00 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-11-27 02:00 . 2013-11-27 02:00 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-11-27 02:00 . 2013-11-27 02:00 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-11-27 02:00 . 2013-11-27 02:00 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-11-27 02:00 . 2013-11-27 02:00 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-11-27 02:00 . 2013-11-27 02:00 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-11-27 02:00 . 2013-11-27 02:00 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-11-27 02:00 . 2013-11-27 02:00 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-11-27 02:00 . 2013-11-27 02:00 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-11-27 02:00 . 2013-11-27 02:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-11-27 02:00 . 2013-11-27 02:00 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2013-11-27 02:00 . 2013-11-27 02:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-11-27 02:00 . 2013-11-27 02:00 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-11-27 02:00 . 2013-11-27 02:00 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-11-27 02:00 . 2013-11-27 02:00 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-11-27 02:00 . 2013-11-27 02:00 247808 ----a-w- c:\windows\system32\msls31.dll 2013-11-27 02:00 . 2013-11-27 02:00 195584 ----a-w- c:\windows\system32\msrating.dll 2013-11-27 02:00 . 
2013-11-27 02:00 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-11-27 02:00 . 2013-11-27 02:00 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-11-27 02:00 . 2013-11-27 02:00 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-11-27 02:00 . 2013-11-27 02:00 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-11-27 02:00 . 2013-11-27 02:00 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-11-27 02:00 . 2013-11-27 02:00 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-11-27 02:00 . 2013-11-27 02:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-11-27 02:00 . 2013-11-27 02:00 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2013-11-27 02:00 . 2013-11-27 02:00 81408 ----a-w- c:\windows\system32\icardie.dll 2013-11-27 02:00 . 2013-11-27 02:00 774144 ----a-w- c:\windows\system32\jscript.dll 2013-11-27 02:00 . 2013-11-27 02:00 626176 ----a-w- c:\windows\system32\msfeeds.dll 2013-11-27 02:00 . 2013-11-27 02:00 62464 ----a-w- c:\windows\system32\pngfilt.dll 2013-11-27 02:00 . 2013-11-27 02:00 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-11-27 02:00 . 2013-11-27 02:00 548352 ----a-w- c:\windows\system32\vbscript.dll 2013-11-27 02:00 . 2013-11-27 02:00 48128 ----a-w- c:\windows\system32\imgutil.dll 2013-11-27 02:00 . 2013-11-27 02:00 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-11-27 02:00 . 2013-11-27 02:00 413696 ----a-w- c:\windows\system32\html.iec 2013-11-27 02:00 . 2013-11-27 02:00 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-11-27 02:00 . 2013-11-27 02:00 296960 ----a-w- c:\windows\system32\dxtrans.dll 2013-11-27 02:00 . 2013-11-27 02:00 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2013-11-27 02:00 . 2013-11-27 02:00 243200 ----a-w- c:\windows\system32\webcheck.dll 2013-11-27 02:00 . 2013-11-27 02:00 235520 ----a-w- c:\windows\system32\url.dll 2013-11-27 02:00 . 2013-11-27 02:00 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-11-27 02:00 . 
2013-11-27 02:00 147968 ----a-w- c:\windows\system32\occache.dll 2013-11-27 02:00 . 2013-11-27 02:00 143872 ----a-w- c:\windows\system32\wextract.exe 2013-11-27 02:00 . 2013-11-27 02:00 13824 ----a-w- c:\windows\system32\mshta.exe 2013-11-27 02:00 . 2013-11-27 02:00 135680 ----a-w- c:\windows\system32\iepeers.dll 2013-11-27 02:00 . 2013-11-27 02:00 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-11-27 02:00 . 2013-11-27 02:00 101376 ----a-w- c:\windows\system32\inseng.dll 2013-11-21 08:32 . 2013-11-21 08:32 4169784 ----a-w- c:\windows\SysWow64\oxstor32.dll 2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-10-18 01:13 . 2012-11-29 08:44 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-14 17:00 . 2013-11-27 02:03 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE 2013-10-12 02:30 . 2013-11-13 06:35 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-10-12 02:29 . 2013-11-13 06:35 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-12 02:29 . 2013-11-13 06:35 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-10-12 02:03 . 2013-11-13 06:35 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-10-12 02:01 . 2013-11-13 06:35 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211941181}] 2013-09-11 08:33 600712 ----a-w- c:\program files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110411771118}] 2014-01-03 14:16 644968 ----a-w- c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-28 14:48 281760 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}] 2012-05-10 00:05 1607472 ----a-w- c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [2012-05-10 1607472] . [HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}] [HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OXUpdater"="c:\users\TBLap\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe" [2013-11-04 2278920] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Akamai NetSession Interface"="c:\users\TBLap\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608] "NextLive"="c:\users\TBLap\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-01 291608] "TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2011-11-03 329072] "WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2011-08-04 140656] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "NetDrive"="c:\program files\NetDrive\netdrive.exe" [2013-03-16 3587072] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-12-02 1316248] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "mobilegeni daemon"="c:\program files 
(x86)\Mobogenie\DaemonProcess.exe" [2014-01-03 761536] "GPULoader"="c:\program files (x86)\VLC Player GPU+\GPULog.exe" [2013-12-27 1328864] . c:\users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-7-23 1089888] MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-9-19 1953320] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 ndfs;ndfs;c:\program files\NetDrive\ndfs.sys;c:\program files\NetDrive\ndfs.sys [x] R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 RemoteEngineService;VuuPC RemoteEngine Service;c:\program files (x86)\VuuPC\remoteengine.exe;c:\program files (x86)\VuuPC\remoteengine.exe [x] R4 VuuPCConnectivity;VuuPC Connectivity;c:\program files (x86)\VuuPC\Connectivity.exe;c:\program files (x86)\VuuPC\Connectivity.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 
nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 ndsvc;NetDrive Service;c:\program files\NetDrive\ndsvc.exe;c:\program files\NetDrive\ndsvc.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x] S2 SwiService;Sierra Wireless Service;c:\program files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe;c:\program files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe [x] S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser 
Bar\ToolbarUpdaterService.exe;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [x] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x] S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe;c:\program files (x86)\OneClickInternet\WTGService.exe [x] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x] S3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\gobi3kfilter.sys;c:\windows\SYSNATIVE\DRIVERS\gobi3kfilter.sys [x] S3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\gobi3kmbb.sys;c:\windows\SYSNATIVE\DRIVERS\gobi3kmbb.sys [x] S3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gobi3kserial.sys;c:\windows\SYSNATIVE\DRIVERS\gobi3kserial.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 RSPCIESTOR;Realtek PCIE CardReader 
Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2014-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-13 09:33] . 2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 11:16] . 2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 11:16] . 2014-01-06 c:\windows\Tasks\Plus-HD-5.0-chromeinstaller.job - c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-chromeinstaller.exe [2014-01-03 14:16] . 2014-01-06 c:\windows\Tasks\Plus-HD-5.0-codedownloader.job - c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-codedownloader.exe [2014-01-03 14:16] . 2014-01-06 c:\windows\Tasks\Plus-HD-5.0-enabler.job - c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-enabler.exe [2014-01-03 14:16] . 2014-01-06 c:\windows\Tasks\Plus-HD-5.0-firefoxinstaller.job - c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-firefoxinstaller.exe [2014-01-03 14:16] . 2014-01-06 c:\windows\Tasks\Plus-HD-5.0-updater.job - c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-updater.exe [2014-01-03 14:16] . 2014-01-06 c:\windows\Tasks\RegClean Pro_DEFAULT.job - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-03 14:42] . 2014-01-06 c:\windows\Tasks\RegClean Pro_UPDATES.job - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-03 14:42] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-28 14:48 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ie_de_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ie_sp_OC1 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{A4AF28B0-FA45-43DD-A670-ED981819DF2A}: NameServer = 
139.7.30.126 139.7.30.125 FF - ProfilePath - c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.handelsblatt.com/ FF - prefs.js: keyword.URL - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ff_de_display?ie=UTF8&tag=bds-p18-serp-de-ff-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ff_ab_OC1&query= FF - user.js: extensions.irspeeddial.aflt - fxtb103 FF - user.js: extensions.irspeeddial.instlRef - FF - user.js: extensions.irspeeddial.cr - 193300825 FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0CyEzzyDtDzz0B0EtD0FyC0A0A0BtCyEtN0D0Tzu0CyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu1G2Z1S . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKLM-Run-GPUTemp - c:\users\TBLap\AppData\Local\Temp\GPUTemp.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83, 81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:a9,a7,16,93,6f,bc,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe c:\windows\SysWOW64\DllHost.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe c:\windows\SysWOW64\rundll32.exe c:\users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE c:\program files (x86)\VLC Player GPU+\GPUMonitor.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2014-01-06 11:13:46 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-01-06 10:13 . Vor Suchlauf: 8 Verzeichnis(se), 138.860.199.936 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 143.660.580.864 Bytes frei . - - End Of File - - BF97103D238E13A5317DD0E50EE4895B 5FB38429D5D77768867C76DCBDB35194 |
06.01.2014, 12:29 | #6 |
| Oxtender from Hosteurope no longer present on Win7 laptop, Defender cannot be started I know I may get a telling-off for this, but the first attempt was not successful. I ran ComboFix once more. Below is the .txt from the 2nd attempt.... I still cannot start MS Defender. ---------------------------------------------------------- Combofix Logfile: Code:
ATTFilter ComboFix 14-01-04.03 - TBLap 06.01.2014 12:03:13.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8091.6163 [GMT 1:00] ausgeführt von:: c:\users\TBLap\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\TBLap\AppData\Local\Temp\_MEI49042\_ctypes.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\_elementtree.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\_hashlib.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\_multiprocessing.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\_socket.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\_ssl.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\pyexpat.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\pysqlite2._sqlite.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\python27.dll c:\users\TBLap\AppData\Local\Temp\_MEI49042\pythoncom27.dll c:\users\TBLap\AppData\Local\Temp\_MEI49042\PyWinTypes27.dll c:\users\TBLap\AppData\Local\Temp\_MEI49042\select.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\unicodedata.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32api.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32com.shell.shell.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32crypt.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32event.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32file.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32inet.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32pdh.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32pipe.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32process.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32profile.pyd 
c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32security.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\win32ts.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\windows._lib_cacheinvalidation.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\wx._controls_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\wx._core_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\wx._gdi_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\wx._html2.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\wx._misc_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\wx._windows_.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\wx._wizard.pyd c:\users\TBLap\AppData\Local\Temp\_MEI49042\wxbase294u_net_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI49042\wxbase294u_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI49042\wxmsw294u_adv_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI49042\wxmsw294u_core_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI49042\wxmsw294u_html_vc90.dll c:\users\TBLap\AppData\Local\Temp\_MEI49042\wxmsw294u_webview_vc90.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-06 bis 2014-01-06 )))))))))))))))))))))))))))))) . . 2014-01-06 11:06 . 2014-01-06 11:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-01-06 11:06 . 2014-01-06 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-06 09:38 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19F55EC1-5A4C-474D-918C-7BB9CA6BC1B0}\mpengine.dll 2014-01-04 10:35 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-01-03 14:21 . 2014-01-06 10:28 -------- d-----w- c:\program files (x86)\MyPC Backup 2014-01-03 14:21 . 2014-01-06 10:10 -------- d-----w- c:\program files (x86)\VLC Player GPU+ 2014-01-03 14:21 . 2014-01-03 14:21 -------- d-----w- C:\FRST 2014-01-03 14:17 . 2014-01-06 10:28 -------- d-----w- c:\users\TBLap\AppData\Roaming\Systweak 2014-01-03 14:17 . 
2014-01-03 14:17 -------- d-----w- c:\users\TBLap\.android 2014-01-03 14:17 . 2013-11-22 14:42 20312 ----a-w- c:\windows\system32\roboot64.exe 2014-01-03 14:17 . 2014-01-06 10:47 -------- d-----w- c:\users\TBLap\AppData\Roaming\newnext.me 2014-01-03 14:17 . 2014-01-06 10:29 -------- d-----w- c:\users\TBLap\AppData\Local\Mobogenie 2014-01-03 14:17 . 2014-01-03 15:48 -------- d-----w- c:\users\TBLap\AppData\Local\genienext 2014-01-03 14:17 . 2014-01-03 15:48 -------- d-----w- c:\users\TBLap\AppData\Local\cache 2013-12-31 10:25 . 2013-12-31 10:47 -------- d-----w- c:\users\TBLap\.freemind 2013-12-31 10:24 . 2013-12-31 10:24 -------- d-----w- c:\programdata\Oracle 2013-12-31 10:24 . 2013-12-31 10:24 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-12-31 10:24 . 2013-12-31 10:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-12-31 10:24 . 2013-12-31 10:24 -------- d-----w- c:\program files (x86)\Java 2013-12-31 10:20 . 2013-12-31 10:20 -------- d-----w- c:\program files (x86)\FreeMind 2013-12-14 13:28 . 2013-12-14 13:28 -------- d-----w- c:\program files (x86)\Open-Xchange 2013-12-14 02:00 . 2013-11-26 11:54 23183360 ----a-w- c:\windows\system32\mshtml.dll 2013-12-13 08:33 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll 2013-12-13 08:33 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll 2013-12-13 08:33 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-12-13 08:33 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-12-13 08:33 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-12-13 08:33 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-12-13 08:33 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-12-13 08:33 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll 2013-12-13 08:33 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-12-13 08:33 . 
2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys 2013-12-13 08:33 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys 2013-12-13 08:32 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx 2013-12-13 08:32 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll 2013-12-13 08:32 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx 2013-12-13 08:32 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll 2013-12-13 08:32 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe 2013-12-13 08:32 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe 2013-12-13 08:32 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe 2013-12-13 08:32 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe 2013-12-09 11:09 . 2013-10-18 01:13 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C04F8AD-84C4-4863-93AA-6976D0E68B71}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-13 09:33 . 2012-11-13 14:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-13 09:33 . 2012-11-13 14:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-01 13:42 . 2012-11-06 19:46 90708896 ----a-w- c:\windows\system32\MRT.exe 2013-11-27 02:00 . 2013-11-27 02:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-11-27 02:00 . 2013-11-27 02:00 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-11-27 02:00 . 2013-11-27 02:00 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-11-27 02:00 . 2013-11-27 02:00 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-11-27 02:00 . 2013-11-27 02:00 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-11-27 02:00 . 2013-11-27 02:00 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-11-27 02:00 . 
2013-11-27 02:00 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-11-27 02:00 . 2013-11-27 02:00 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-11-27 02:00 . 2013-11-27 02:00 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-11-27 02:00 . 2013-11-27 02:00 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-11-27 02:00 . 2013-11-27 02:00 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-11-27 02:00 . 2013-11-27 02:00 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-11-27 02:00 . 2013-11-27 02:00 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-11-27 02:00 . 2013-11-27 02:00 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-11-27 02:00 . 2013-11-27 02:00 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-11-27 02:00 . 2013-11-27 02:00 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-11-27 02:00 . 2013-11-27 02:00 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-11-27 02:00 . 2013-11-27 02:00 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-11-27 02:00 . 2013-11-27 02:00 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-11-27 02:00 . 2013-11-27 02:00 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-11-27 02:00 . 2013-11-27 02:00 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-11-27 02:00 . 2013-11-27 02:00 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-11-27 02:00 . 2013-11-27 02:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-11-27 02:00 . 2013-11-27 02:00 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2013-11-27 02:00 . 2013-11-27 02:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-11-27 02:00 . 2013-11-27 02:00 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-11-27 02:00 . 2013-11-27 02:00 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-11-27 02:00 . 2013-11-27 02:00 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-11-27 02:00 . 2013-11-27 02:00 247808 ----a-w- c:\windows\system32\msls31.dll 2013-11-27 02:00 . 
2013-11-27 02:00 195584 ----a-w- c:\windows\system32\msrating.dll 2013-11-27 02:00 . 2013-11-27 02:00 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-11-27 02:00 . 2013-11-27 02:00 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-11-27 02:00 . 2013-11-27 02:00 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-11-27 02:00 . 2013-11-27 02:00 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-11-27 02:00 . 2013-11-27 02:00 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-11-27 02:00 . 2013-11-27 02:00 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-11-27 02:00 . 2013-11-27 02:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-11-27 02:00 . 2013-11-27 02:00 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2013-11-27 02:00 . 2013-11-27 02:00 81408 ----a-w- c:\windows\system32\icardie.dll 2013-11-27 02:00 . 2013-11-27 02:00 774144 ----a-w- c:\windows\system32\jscript.dll 2013-11-27 02:00 . 2013-11-27 02:00 626176 ----a-w- c:\windows\system32\msfeeds.dll 2013-11-27 02:00 . 2013-11-27 02:00 62464 ----a-w- c:\windows\system32\pngfilt.dll 2013-11-27 02:00 . 2013-11-27 02:00 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-11-27 02:00 . 2013-11-27 02:00 548352 ----a-w- c:\windows\system32\vbscript.dll 2013-11-27 02:00 . 2013-11-27 02:00 48128 ----a-w- c:\windows\system32\imgutil.dll 2013-11-27 02:00 . 2013-11-27 02:00 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-11-27 02:00 . 2013-11-27 02:00 413696 ----a-w- c:\windows\system32\html.iec 2013-11-27 02:00 . 2013-11-27 02:00 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-11-27 02:00 . 2013-11-27 02:00 296960 ----a-w- c:\windows\system32\dxtrans.dll 2013-11-27 02:00 . 2013-11-27 02:00 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2013-11-27 02:00 . 2013-11-27 02:00 243200 ----a-w- c:\windows\system32\webcheck.dll 2013-11-27 02:00 . 2013-11-27 02:00 235520 ----a-w- c:\windows\system32\url.dll 2013-11-27 02:00 . 
2013-11-27 02:00 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-11-27 02:00 . 2013-11-27 02:00 147968 ----a-w- c:\windows\system32\occache.dll 2013-11-27 02:00 . 2013-11-27 02:00 143872 ----a-w- c:\windows\system32\wextract.exe 2013-11-27 02:00 . 2013-11-27 02:00 13824 ----a-w- c:\windows\system32\mshta.exe 2013-11-27 02:00 . 2013-11-27 02:00 135680 ----a-w- c:\windows\system32\iepeers.dll 2013-11-27 02:00 . 2013-11-27 02:00 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-11-27 02:00 . 2013-11-27 02:00 101376 ----a-w- c:\windows\system32\inseng.dll 2013-11-21 08:32 . 2013-11-21 08:32 4169784 ----a-w- c:\windows\SysWow64\oxstor32.dll 2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-10-18 01:13 . 2012-11-29 08:44 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-14 17:00 . 2013-11-27 02:03 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE 2013-10-12 02:30 . 2013-11-13 06:35 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-10-12 02:29 . 2013-11-13 06:35 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-12 02:29 . 2013-11-13 06:35 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-10-12 02:03 . 2013-11-13 06:35 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-10-12 02:01 . 2013-11-13 06:35 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211941181}] 2013-09-11 08:33 600712 ----a-w- c:\program files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-28 14:48 281760 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}] 2012-05-10 00:05 1607472 ----a-w- c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [2012-05-10 1607472] . [HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}] [HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OXUpdater"="c:\users\TBLap\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe" [2013-11-04 2278920] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Akamai NetSession Interface"="c:\users\TBLap\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608] "NextLive"="c:\users\TBLap\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-01 291608] "TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2011-11-03 329072] "WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2011-08-04 140656] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "NetDrive"="c:\program files\NetDrive\netdrive.exe" [2013-03-16 3587072] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-12-02 1316248] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "GPULoader"="c:\program files 
(x86)\VLC Player GPU+\GPULog.exe" [2013-12-27 1328864] . c:\users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-7-23 1089888] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 ndfs;ndfs;c:\program files\NetDrive\ndfs.sys;c:\program files\NetDrive\ndfs.sys [x] R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program 
files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 ndsvc;NetDrive Service;c:\program files\NetDrive\ndsvc.exe;c:\program files\NetDrive\ndsvc.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x] S2 SwiService;Sierra Wireless Service;c:\program files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe;c:\program files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe [x] S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [x] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x] S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe;c:\program files 
(x86)\OneClickInternet\WTGService.exe [x] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x] S3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\gobi3kfilter.sys;c:\windows\SYSNATIVE\DRIVERS\gobi3kfilter.sys [x] S3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\gobi3kmbb.sys;c:\windows\SYSNATIVE\DRIVERS\gobi3kmbb.sys [x] S3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gobi3kserial.sys;c:\windows\SYSNATIVE\DRIVERS\gobi3kserial.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 
2014-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-13 09:33] . 2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 11:16] . 2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 11:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-28 14:48 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\TBLap\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ie_de_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ie_sp_OC1 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html IE: URL notieren - c:\program files 
(x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{A4AF28B0-FA45-43DD-A670-ED981819DF2A}: NameServer = 139.7.30.126 139.7.30.125 FF - ProfilePath - c:\users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.handelsblatt.com/ FF - prefs.js: keyword.URL - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ff_de_display?ie=UTF8&tag=bds-p18-serp-de-ff-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ff_ab_OC1&query= FF - user.js: extensions.irspeeddial.aflt - fxtb103 FF - user.js: extensions.irspeeddial.instlRef - FF - user.js: extensions.irspeeddial.cr - 193300825 FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0CyEzzyDtDzz0B0EtD0FyC0A0A0BtCyEtN0D0Tzu0CyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu1G2Z1S . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83, 81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:a9,a7,16,93,6f,bc,cd,01 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe c:\windows\SysWOW64\DllHost.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe c:\windows\SysWOW64\rundll32.exe c:\users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE c:\program files (x86)\VLC Player GPU+\GPUMonitor.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-01-06 12:25:16 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-01-06 11:25 ComboFix2.txt 2014-01-06 10:13 . Vor Suchlauf: 11 Verzeichnis(se), 143.800.860.672 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 143.684.620.288 Bytes frei . - - End Of File - - 6571510532A37010D26AEDE334B41FDB 5FB38429D5D77768867C76DCBDB35194 |
07.01.2014, 09:40 | #7 |
/// the machine /// TB trainer | Oxtender from Hosteurope no longer present on Win7 laptop, Defender cannot be started Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.01.2014, 21:35 | #8 |
| Oxtender from Hosteurope no longer present on Win7 laptop, Defender cannot be started
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.07.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 TBLap :: TBLAP-PC [Administrator] 07.01.2014 20:20:45 mbam-log-2014-01-07 (20-20-45).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 243319 Laufzeit: 3 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe (PUP.Optional.AmazonTB.A) -> 2708 -> Löschen bei Neustart. Infizierte Speichermodule: 1 C:\Users\TBLap\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 19 HKCR\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{008f6853-9cb4-41c5-a950-39d55e5e06ba} (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AlxTB2.TBLayoutBHO.1 (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AlxTB2.TBLayoutBHO (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{8D03FA45-4B8C-4427-BE67-EE8885147151} (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{8D03FA45-4B8C-4427-BE67-EE8885147151} (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305} (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Updater Service for AMZN (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0029481.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0029481.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0029481.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211941181} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{11111111-1111-1111-1111-110211941181} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211941181} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\TBLap\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0X2O1C0R2R1R -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 6 C:\Users\TBLap\AppData\Local\Amazon Browser Bar (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Amazon Browser Bar (PUP.Optional.AmazonTB.A) -> Löschen bei Neustart. C:\Users\TBLap\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TBLap\AppData\Roaming\OpenCandy\09564CE1B04B46CA888981EC7E1AD5BA (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TBLap\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Löschen bei Neustart. C:\Users\TBLap\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 20 C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TBLap\AppData\Roaming\OpenCandy\09564CE1B04B46CA888981EC7E1AD5BA\INTERNALWRAPPER.exe (PUP.Optional.Searchprotect) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TBLap\Downloads\Setup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TBLap\AppData\Local\Amazon Browser Bar\protect.xml (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.ini (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\Amazon Browser Bar\AlxSSBPS.dll (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.Uninstall.exe (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBarSSB.3.0.dll (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Amazon Browser Bar\installer.xml (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Amazon Browser Bar\MainUninstall.exe (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Amazon Browser Bar\search_protect.exe (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe (PUP.Optional.AmazonTB.A) -> Löschen bei Neustart. C:\Program Files (x86)\Amazon Browser Bar\update.xml (PUP.Optional.AmazonTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TBLap\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart. C:\Users\TBLap\AppData\Roaming\OpenCandy\09564CE1B04B46CA888981EC7E1AD5BA\4245.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TBLap\AppData\Roaming\OpenCandy\09564CE1B04B46CA888981EC7E1AD5BA\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TBLap\AppData\Roaming\OpenCandy\09564CE1B04B46CA888981EC7E1AD5BA\OCBrowserHelper_1.0.3.85.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TBLap\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\TBLap\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
My computer currently takes about 1 sec. for every step (letter, etc.).
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 07/01/2014 um 20:48:16 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : TBLap - TBLAP-PC # Gestartet von : C:\Users\TBLap\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup Ordner Gelöscht : C:\Program Files (x86)\Mein Gutscheincode Ordner Gelöscht : C:\Users\TBLap\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\TBLap\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\TBLap\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\TBLap\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\TBLap\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\TBLap\Documents\Mobogenie Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OXUpdater] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222942281} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828} Schlüssel 
Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Mein Gutscheincode
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Mein Gutscheincode
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mein Gutscheincode
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Amazon Browser Bar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [25626 octets] - [07/01/2014 20:32:03]
AdwCleaner[S0].txt - [25044 octets] - [07/01/2014 20:48:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25105 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by TBLap on 07.01.2014 at 21:07:51,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\TBLap\AppData\Roaming\mozilla\firefox\profiles\1a6n4efa.default\minidumps [17 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.01.2014 at 21:13:00,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by TBLap (administrator) on TBLAP-PC on 07-01-2014 21:22:23
Running from C:\Users\TBLap\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SwiService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
() C:\Program Files (x86)\OneClickInternet\WTGService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\TBLap\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\TBLap\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Sierra Wireless Inc.) C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Bdrive Inc.) C:\Program Files\NetDrive\netdrive.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\VLC Player GPU+\GPULog.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-05-01] (Intel Corporation)
HKLM-x32\...\Run: [TRUUpdater] - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.)
HKLM-x32\...\Run: [WatcherHelper] - C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\netdrive.exe [3587072 2013-03-16] (Bdrive Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [GPULoader] - C:\Program Files (x86)\VLC Player GPU+\GPULog.exe [1328864 2013-12-27] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\TBLap\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ie_de_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ie_sp_OC1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C9D6F465DBCCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A4AF28B0-FA45-43DD-A670-ED981819DF2A}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default
FF SearchEngineOrder.1: Amazon
FF Homepage: hxxp://www.handelsblatt.com/
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ff_de_display?ie=UTF8&tag=bds-p18-serp-de-ff-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ff_ab_OC1&query=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @autodesk.com/DWF - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\TBLap\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\searchplugins\amazon-distro.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fingerfox (SE) - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\{58c64034-c5f3-4179-85f5-81642f42b6d5}
FF Extension: Amazon Browser Apps - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\abb@amazon.com.xpi
FF Extension: Youtube Downloader - Media Downloader - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\paulsaintuzb@gmail.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-03-16] (Bdrive Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [323952 2012-03-08] (Sierra Wireless, Inc.)
R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe [152944 2012-01-13] (Sierra Wireless, Inc.)
R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [342984 2011-03-09] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
R3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated)
R3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 SWUMX20; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-07 21:22 - 2014-01-07 21:22 - 00000000 ____D C:\Users\TBLap\Downloads\FRST-OlderVersion
2014-01-07 21:13 - 2014-01-07 21:13 - 00000757 _____ C:\Users\TBLap\Desktop\JRT.txt
2014-01-07 21:07 - 2014-01-07 21:07 - 00000000 ____D C:\Windows\ERUNT
2014-01-07 21:02 - 2014-01-07 21:03 - 01036305 _____ (Thisisu) C:\Users\TBLap\Downloads\JRT.exe
2014-01-07 20:29 - 2014-01-07 20:29 - 01233962 _____ C:\Users\TBLap\Desktop\adwcleaner.exe
2014-01-07 20:28 - 2014-01-07 20:49 - 00000000 ____D C:\AdwCleaner
2014-01-07 20:28 - 2014-01-07 20:28 - 01233962 _____ C:\Users\TBLap\Downloads\adwcleaner.exe
2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Malwarebytes
2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 20:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-07 20:16 - 2014-01-07 20:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TBLap\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-06 20:06 - 2014-01-06 20:15 - 129598176 _____ C:\Users\TBLap\Downloads\avira_free_antivirus_de.exe
2014-01-06 12:25 - 2014-01-06 12:25 - 00039166 _____ C:\ComboFix.txt
2014-01-06 11:01 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-06 11:01 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-06 11:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-06 11:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-06 11:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-06 11:01 - 2000-08-31 01:00 -
00098816 _____ C:\Windows\sed.exe 2014-01-06 11:01 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2014-01-06 11:01 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2014-01-06 10:32 - 2014-01-06 12:25 - 00000000 ____D C:\Qoobox 2014-01-06 10:32 - 2014-01-06 11:10 - 00000000 ____D C:\Windows\erdnt 2014-01-06 10:28 - 2014-01-06 10:29 - 05160001 ____R (Swearware) C:\Users\TBLap\Downloads\ComboFix.exe 2014-01-03 16:14 - 2014-01-04 11:23 - 00000068 _____ C:\Users\TBLap\AppData\Roaming\WB.CFG 2014-01-03 15:22 - 2014-01-03 15:24 - 00038411 _____ C:\Users\TBLap\Downloads\Addition.txt 2014-01-03 15:21 - 2014-01-07 21:22 - 00017025 _____ C:\Users\TBLap\Downloads\FRST.txt 2014-01-03 15:21 - 2014-01-07 21:22 - 00000000 ____D C:\FRST 2014-01-03 15:21 - 2014-01-06 11:10 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+ 2014-01-03 15:19 - 2014-01-07 21:22 - 01931762 _____ (Farbar) C:\Users\TBLap\Downloads\FRST64.exe 2014-01-03 15:17 - 2014-01-06 11:07 - 00000464 _____ C:\Users\TBLap\daemonprocess.txt 2014-01-03 15:17 - 2014-01-03 16:48 - 00000000 ____D C:\Users\TBLap\AppData\Local\genienext 2014-01-03 15:17 - 2014-01-03 16:48 - 00000000 ____D C:\Users\TBLap\AppData\Local\cache 2014-01-03 15:17 - 2014-01-03 15:17 - 00001107 _____ C:\Users\TBLap\Desktop\Continue AnyProtect Installation.lnk 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\.android 2014-01-03 10:47 - 2014-01-03 10:47 - 02209056 _____ C:\Users\TBLap\Downloads\avira-eu-cleaner_de.exe 2014-01-03 10:47 - 2014-01-03 10:47 - 00002025 _____ C:\Users\TBLap\Desktop\Entfernen des Avira EU-Cleaners.lnk 2014-01-03 10:47 - 2014-01-03 10:47 - 00001969 _____ C:\Users\TBLap\Desktop\Avira EU-Cleaner.lnk 2014-01-03 09:42 - 2014-01-03 09:45 - 25647320 _____ (Microsoft Corporation) C:\Users\TBLap\Downloads\Windows-KB890830-x64-V5.7.exe 2014-01-03 08:31 - 2014-01-03 08:31 - 00003130 _____ C:\Windows\System32\Tasks\{2A462003-E8A4-4748-84FD-6CF0C2309A6F} 2014-01-03 08:23 - 2014-01-03 08:23 - 01988724 
_____ (Igor Pavlov) C:\Users\TBLap\Downloads\OXConnector.exe 2014-01-03 02:51 - 2014-01-03 02:51 - 01731712 _____ C:\Windows\Minidump\010314-14352-01.dmp 2014-01-02 15:57 - 2014-01-02 15:57 - 01783632 _____ C:\Windows\Minidump\010214-16333-01.dmp 2013-12-31 11:25 - 2013-12-31 11:47 - 00000000 ____D C:\Users\TBLap\.freemind 2013-12-31 11:24 - 2013-12-31 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-31 11:20 - 2013-12-31 11:20 - 00915368 _____ (Oracle Corporation) C:\Users\TBLap\Downloads\jxpiinstall.exe 2013-12-31 11:20 - 2013-12-31 11:20 - 00000000 ____D C:\Program Files (x86)\FreeMind 2013-12-31 11:12 - 2013-12-31 11:15 - 37618815 _____ ( ) C:\Users\TBLap\Downloads\FreeMind-Windows-Installer-1.0.0-max.exe 2013-12-23 10:26 - 2013-12-23 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-14 14:28 - 2013-12-14 14:28 - 00000000 ____D C:\Program Files (x86)\Open-Xchange 2013-12-14 03:01 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-14 03:01 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-14 03:01 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-14 03:01 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-14 03:01 - 2013-11-26 10:29 - 00053760 _____ 
(Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-14 03:01 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-14 03:01 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-14 03:01 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-14 03:01 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-14 03:01 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-14 03:01 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-14 03:01 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-14 03:01 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-14 03:01 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-14 03:01 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-14 03:01 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-14 03:01 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-14 03:00 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-14 03:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-14 03:00 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-14 03:00 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-14 03:00 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-14 03:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9.dll 2013-12-14 03:00 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-14 03:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-14 03:00 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-14 03:00 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-14 03:00 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-14 03:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-14 03:00 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-14 03:00 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-14 03:00 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-14 03:00 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-14 03:00 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-14 03:00 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-13 09:33 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-13 09:33 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-13 09:33 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-13 09:33 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-13 09:33 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-13 09:33 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 
2013-12-13 09:33 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-13 09:33 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-13 09:33 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-13 09:33 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-13 09:33 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-13 09:32 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-13 09:32 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-13 09:32 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-13 09:32 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-13 09:32 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-13 09:32 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-13 09:32 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-13 09:32 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe ==================== One Month Modified Files and Folders ======= 2014-01-07 21:22 - 2014-01-07 21:22 - 00000000 ____D C:\Users\TBLap\Downloads\FRST-OlderVersion 2014-01-07 21:22 - 2014-01-03 15:21 - 00017025 _____ C:\Users\TBLap\Downloads\FRST.txt 2014-01-07 21:22 - 2014-01-03 15:21 - 00000000 ____D C:\FRST 2014-01-07 21:22 - 2014-01-03 15:19 - 01931762 _____ (Farbar) C:\Users\TBLap\Downloads\FRST64.exe 2014-01-07 21:19 - 2012-11-22 14:09 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Skype 2014-01-07 21:19 - 2012-11-15 10:04 - 00000000 ___RD C:\Users\TBLap\Dropbox 
2014-01-07 21:19 - 2012-11-07 19:49 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Dropbox 2014-01-07 21:18 - 2012-11-12 18:27 - 00216227 _____ C:\ndsvc.log 2014-01-07 21:18 - 2012-11-07 19:34 - 00000000 ___RD C:\Users\TBLap\Google Drive 2014-01-07 21:18 - 2012-11-07 12:16 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-07 21:17 - 2012-11-06 19:34 - 01421496 _____ C:\Windows\WindowsUpdate.log 2014-01-07 21:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-07 21:17 - 2009-07-14 05:51 - 00054568 _____ C:\Windows\setupact.log 2014-01-07 21:13 - 2014-01-07 21:13 - 00000757 _____ C:\Users\TBLap\Desktop\JRT.txt 2014-01-07 21:07 - 2014-01-07 21:07 - 00000000 ____D C:\Windows\ERUNT 2014-01-07 21:07 - 2012-11-07 12:16 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-07 21:03 - 2014-01-07 21:02 - 01036305 _____ (Thisisu) C:\Users\TBLap\Downloads\JRT.exe 2014-01-07 20:58 - 2009-07-14 05:45 - 00022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-07 20:58 - 2009-07-14 05:45 - 00022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-07 20:56 - 2011-04-12 08:43 - 00700592 _____ C:\Windows\system32\perfh007.dat 2014-01-07 20:56 - 2011-04-12 08:43 - 00149356 _____ C:\Windows\system32\perfc007.dat 2014-01-07 20:56 - 2009-07-14 06:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-07 20:49 - 2014-01-07 20:28 - 00000000 ____D C:\AdwCleaner 2014-01-07 20:32 - 2012-12-12 15:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-07 20:30 - 2010-11-21 04:47 - 00069666 _____ C:\Windows\PFRO.log 2014-01-07 20:29 - 2014-01-07 20:29 - 01233962 _____ C:\Users\TBLap\Desktop\adwcleaner.exe 2014-01-07 20:28 - 2014-01-07 20:28 - 01233962 _____ C:\Users\TBLap\Downloads\adwcleaner.exe 2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D 
C:\Users\TBLap\AppData\Roaming\Malwarebytes 2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-07 20:17 - 2014-01-07 20:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TBLap\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-06 21:40 - 2012-11-30 09:10 - 00000000 ____D C:\Program Files (x86)\LingoPad 2014-01-06 20:15 - 2014-01-06 20:06 - 129598176 _____ C:\Users\TBLap\Downloads\avira_free_antivirus_de.exe 2014-01-06 12:30 - 2012-11-07 00:16 - 00000000 ____D C:\Users\TBLap\AppData\Local\OXSTORE2 2014-01-06 12:25 - 2014-01-06 12:25 - 00039166 _____ C:\ComboFix.txt 2014-01-06 12:25 - 2014-01-06 10:32 - 00000000 ____D C:\Qoobox 2014-01-06 12:21 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2014-01-06 11:28 - 2012-11-06 19:36 - 00000000 ___RD C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 11:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2014-01-06 11:10 - 2014-01-06 10:32 - 00000000 ____D C:\Windows\erdnt 2014-01-06 11:10 - 2014-01-03 15:21 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+ 2014-01-06 11:07 - 2014-01-03 15:17 - 00000464 _____ C:\Users\TBLap\daemonprocess.txt 2014-01-06 10:29 - 2014-01-06 10:28 - 05160001 ____R (Swearware) C:\Users\TBLap\Downloads\ComboFix.exe 2014-01-04 11:23 - 2014-01-03 16:14 - 00000068 _____ C:\Users\TBLap\AppData\Roaming\WB.CFG 2014-01-03 16:48 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Local\genienext 2014-01-03 16:48 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Local\cache 2014-01-03 15:24 - 2014-01-03 15:22 - 00038411 _____ C:\Users\TBLap\Downloads\Addition.txt 2014-01-03 15:17 - 2014-01-03 15:17 - 00001107 _____ C:\Users\TBLap\Desktop\Continue AnyProtect Installation.lnk 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\.android 2014-01-03 15:17 - 2012-11-06 19:36 - 
00000000 ____D C:\Users\TBLap 2014-01-03 14:58 - 2013-03-23 15:06 - 00000000 ____D C:\ProgramData\BMWiSoftware 2014-01-03 10:47 - 2014-01-03 10:47 - 02209056 _____ C:\Users\TBLap\Downloads\avira-eu-cleaner_de.exe 2014-01-03 10:47 - 2014-01-03 10:47 - 00002025 _____ C:\Users\TBLap\Desktop\Entfernen des Avira EU-Cleaners.lnk 2014-01-03 10:47 - 2014-01-03 10:47 - 00001969 _____ C:\Users\TBLap\Desktop\Avira EU-Cleaner.lnk 2014-01-03 09:45 - 2014-01-03 09:42 - 25647320 _____ (Microsoft Corporation) C:\Users\TBLap\Downloads\Windows-KB890830-x64-V5.7.exe 2014-01-03 08:31 - 2014-01-03 08:31 - 00003130 _____ C:\Windows\System32\Tasks\{2A462003-E8A4-4748-84FD-6CF0C2309A6F} 2014-01-03 08:23 - 2014-01-03 08:23 - 01988724 _____ (Igor Pavlov) C:\Users\TBLap\Downloads\OXConnector.exe 2014-01-03 08:15 - 2013-08-08 10:50 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\vlc 2014-01-03 02:51 - 2014-01-03 02:51 - 01731712 _____ C:\Windows\Minidump\010314-14352-01.dmp 2014-01-03 02:51 - 2013-03-28 16:53 - 523513159 _____ C:\Windows\MEMORY.DMP 2014-01-03 02:51 - 2013-03-28 16:53 - 00000000 ____D C:\Windows\Minidump 2014-01-02 15:58 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-02 15:57 - 2014-01-02 15:57 - 01783632 _____ C:\Windows\Minidump\010214-16333-01.dmp 2014-01-02 15:57 - 2012-11-07 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-02 06:31 - 2013-02-14 12:20 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-12-31 11:47 - 2013-12-31 11:25 - 00000000 ____D C:\Users\TBLap\.freemind 2013-12-31 11:24 - 2013-12-31 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-31 11:24 - 
2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-31 11:20 - 2013-12-31 11:20 - 00915368 _____ (Oracle Corporation) C:\Users\TBLap\Downloads\jxpiinstall.exe 2013-12-31 11:20 - 2013-12-31 11:20 - 00000000 ____D C:\Program Files (x86)\FreeMind 2013-12-31 11:15 - 2013-12-31 11:12 - 37618815 _____ ( ) C:\Users\TBLap\Downloads\FreeMind-Windows-Installer-1.0.0-max.exe 2013-12-27 08:15 - 2013-12-05 00:34 - 00000000 ____D C:\Users\TBLap\AppData\Local\CrashDumps 2013-12-23 10:26 - 2013-12-23 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 03:01 - 2013-08-02 10:23 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 14:28 - 2013-12-14 14:28 - 00000000 ____D C:\Program Files (x86)\Open-Xchange 2013-12-14 14:28 - 2012-11-07 00:15 - 00000020 _____ C:\Windows\oxstor32.ini 2013-12-14 14:18 - 2012-11-22 14:09 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-14 14:18 - 2012-11-22 14:08 - 00000000 ____D C:\ProgramData\Skype 2013-12-14 03:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-14 03:18 - 2009-07-14 05:45 - 00432480 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-14 03:01 - 2012-11-06 23:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-13 12:20 - 2013-08-27 14:52 - 00000000 ____D C:\Users\TBLap\AppData\Local\Windows Live 2013-12-13 10:33 - 2012-12-12 15:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-13 10:33 - 2012-11-13 15:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-13 10:33 - 2012-11-13 15:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\TBLap\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 
is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-30 11:34 ==================== End Of Log ============================ --- --- --- --- --- ---
Hi Schrauber, I still cannot activate Defender. I always get an error shown because of "Zeitüberschreitung" (timeout). After the scan with ADW Cleaner I thought my processor and fan were collapsing. Before the scan with Junkware I cut the data line in order to stop the firewall, and with that my computer calmed down again. Quite an ordeal...., but up to this point already |
07.01.2014, 22:02 | #9 |
| I just surfed around on your pages a bit more and tried to start the Oxtender. The application did start, but then it aborted with the message that Outlook is not present. And now the computer is really revving up again and everything is nice and slow.. I took a screenshot of the performance graph and attached it. Regards, Tom |
08.01.2014, 12:01 | #10 |
/// the machine /// TB-Ausbilder |
Install ProcessExplorer as a replacement for the Windows Task Manager

Download Process Explorer as a replacement for the Task Manager and install it; you can find instructions here. It is a considerably more powerful replacement for the Windows Task Manager. In the menu under "Options" you can set up ProcessExplorer permanently as the replacement for the Task Manager (Replace Taskmanager). This is highly recommended, because ProcessExplorer has considerably more functions than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + DEL no longer opens the Task Manager but ProcessExplorer. This can be undone at any time by unchecking this setting.

What we specifically need now: each row contains one process; a few of the rows are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of information about the processes are displayed. In that dialog, go to the "Process Performance" tab and make sure that "CPU Usage" is checked there; "CPU History" would also be useful. Under "CPU Usage" the current processor load is displayed for each process (the column header only says "CPU" for short); "CPU History" shows a graph for each process with a curve of its processor load over the recent past.

With that you should be able to identify which process is keeping your CPU busy. Double-click the process. You can also take a screenshot of the whole thing and upload it as an attachment with your reply (click "Erweitert" below the text field, use "Anhänge verwalten" to browse your computer, and attach it via "Hochladen").
And please also post a fresh FRST logfile.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.01.2014, 15:26 | #11 |
| Hello schrauber, the attachments are enclosed. Regards, Tom FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 Ran by TBLap (administrator) on TBLAP-PC on 08-01-2014 15:24:10 Running from C:\Users\TBLap\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SwiService.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe () C:\Program Files (x86)\OneClickInternet\WTGService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Akamai Technologies, Inc.) C:\Users\TBLap\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe (Akamai Technologies, Inc.) C:\Users\TBLap\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless Inc.) C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Bdrive Inc.) C:\Program Files\NetDrive\netdrive.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) 
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE () C:\Program Files (x86)\VLC Player GPU+\GPUMonitor.exe (AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe (AuthenTec Inc.) 
C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-05-01] (Intel Corporation) HKLM-x32\...\Run: [TRUUpdater] - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.) HKLM-x32\...\Run: [WatcherHelper] - C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\netdrive.exe [3587072 2013-03-16] (Bdrive Inc.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.) HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [GPULoader] - C:\Program Files (x86)\VLC Player GPU+\GPULog.exe [1328864 2013-12-27] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\TBLap\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation) IFEO\taskmgr.exe: [Debugger] "C:\USERS\TBLAP\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE" Startup: C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\TBLap\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ie_de_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ie_sp_OC1 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C9D6F465DBCCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.) 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{A4AF28B0-FA45-43DD-A670-ED981819DF2A}: [NameServer]139.7.30.126 139.7.30.125 FireFox: ======== FF ProfilePath: C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default FF SearchEngineOrder.1: Amazon FF Homepage: hxxp://www.handelsblatt.com/ FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ff_de_display?ie=UTF8&tag=bds-p18-serp-de-ff-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_7c3e267f89814993a1d975c30ac0da75_18_38_20130131_DE_ff_ab_OC1&query= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @autodesk.com/DWF - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\TBLap\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\searchplugins\amazon-distro.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Fingerfox (SE) - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\{58c64034-c5f3-4179-85f5-81642f42b6d5} FF Extension: Amazon Browser Apps - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\abb@amazon.com.xpi FF Extension: Youtube Downloader - Media Downloader - C:\Users\TBLap\AppData\Roaming\Mozilla\Firefox\Profiles\1a6n4efa.default\Extensions\paulsaintuzb@gmail.com.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) 
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] () R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-03-16] (Bdrive Inc.) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [323952 2012-03-08] (Sierra Wireless, Inc.) R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe [152944 2012-01-13] (Sierra Wireless, Inc.) R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [342984 2011-03-09] () R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated) R3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated) R3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. 
(PCAUSA)) S3 SWUMX20; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-08 15:07 - 2014-01-08 15:07 - 00000000 ____D C:\Users\TBLap\Downloads\ProcessExplorer 2014-01-08 15:04 - 2014-01-08 15:04 - 01191834 _____ C:\Users\TBLap\Downloads\ProcessExplorer.zip 2014-01-07 22:04 - 2014-01-07 22:04 - 00007643 _____ C:\Users\TBLap\AppData\Local\Resmon.ResmonCfg 2014-01-07 21:22 - 2014-01-08 15:24 - 00000000 ____D C:\Users\TBLap\Downloads\FRST-OlderVersion 2014-01-07 21:13 - 2014-01-07 21:13 - 00000757 _____ C:\Users\TBLap\Desktop\JRT.txt 2014-01-07 21:07 - 2014-01-07 21:07 - 00000000 ____D C:\Windows\ERUNT 2014-01-07 21:02 - 2014-01-07 21:03 - 01036305 _____ (Thisisu) C:\Users\TBLap\Downloads\JRT.exe 2014-01-07 20:29 - 2014-01-07 20:29 - 01233962 _____ C:\Users\TBLap\Desktop\adwcleaner.exe 2014-01-07 20:28 - 2014-01-07 20:49 - 00000000 ____D C:\AdwCleaner 2014-01-07 20:28 - 2014-01-07 20:28 - 01233962 _____ C:\Users\TBLap\Downloads\adwcleaner.exe 2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Malwarebytes 2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-07 20:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-07 20:16 - 2014-01-07 20:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TBLap\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-06 20:06 - 2014-01-06 20:15 - 129598176 _____ C:\Users\TBLap\Downloads\avira_free_antivirus_de.exe 2014-01-06 12:25 - 2014-01-06 12:25 - 00039166 _____ C:\ComboFix.txt 2014-01-06 11:01 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2014-01-06 11:01 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 
2014-01-06 11:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-06 11:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-06 11:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-06 11:01 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2014-01-06 11:01 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2014-01-06 11:01 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2014-01-06 10:32 - 2014-01-06 12:25 - 00000000 ____D C:\Qoobox 2014-01-06 10:32 - 2014-01-06 11:10 - 00000000 ____D C:\Windows\erdnt 2014-01-06 10:28 - 2014-01-06 10:29 - 05160001 ____R (Swearware) C:\Users\TBLap\Downloads\ComboFix.exe 2014-01-03 16:14 - 2014-01-04 11:23 - 00000068 _____ C:\Users\TBLap\AppData\Roaming\WB.CFG 2014-01-03 15:22 - 2014-01-03 15:24 - 00038411 _____ C:\Users\TBLap\Downloads\Addition.txt 2014-01-03 15:21 - 2014-01-08 15:24 - 00017383 _____ C:\Users\TBLap\Downloads\FRST.txt 2014-01-03 15:21 - 2014-01-08 15:24 - 00000000 ____D C:\FRST 2014-01-03 15:21 - 2014-01-06 11:10 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+ 2014-01-03 15:19 - 2014-01-08 15:24 - 01932624 _____ (Farbar) C:\Users\TBLap\Downloads\FRST64.exe 2014-01-03 15:17 - 2014-01-06 11:07 - 00000464 _____ C:\Users\TBLap\daemonprocess.txt 2014-01-03 15:17 - 2014-01-03 16:48 - 00000000 ____D C:\Users\TBLap\AppData\Local\genienext 2014-01-03 15:17 - 2014-01-03 16:48 - 00000000 ____D C:\Users\TBLap\AppData\Local\cache 2014-01-03 15:17 - 2014-01-03 15:17 - 00001107 _____ C:\Users\TBLap\Desktop\Continue AnyProtect Installation.lnk 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\.android 2014-01-03 10:47 - 2014-01-03 10:47 - 02209056 _____ C:\Users\TBLap\Downloads\avira-eu-cleaner_de.exe 2014-01-03 10:47 - 2014-01-03 10:47 - 00002025 _____ C:\Users\TBLap\Desktop\Entfernen des Avira EU-Cleaners.lnk 2014-01-03 10:47 - 2014-01-03 10:47 - 00001969 _____ C:\Users\TBLap\Desktop\Avira EU-Cleaner.lnk 
2014-01-03 09:42 - 2014-01-03 09:45 - 25647320 _____ (Microsoft Corporation) C:\Users\TBLap\Downloads\Windows-KB890830-x64-V5.7.exe 2014-01-03 08:31 - 2014-01-03 08:31 - 00003130 _____ C:\Windows\System32\Tasks\{2A462003-E8A4-4748-84FD-6CF0C2309A6F} 2014-01-03 08:23 - 2014-01-03 08:23 - 01988724 _____ (Igor Pavlov) C:\Users\TBLap\Downloads\OXConnector.exe 2014-01-03 02:51 - 2014-01-03 02:51 - 01731712 _____ C:\Windows\Minidump\010314-14352-01.dmp 2014-01-02 15:57 - 2014-01-02 15:57 - 01783632 _____ C:\Windows\Minidump\010214-16333-01.dmp 2013-12-31 11:25 - 2013-12-31 11:47 - 00000000 ____D C:\Users\TBLap\.freemind 2013-12-31 11:24 - 2013-12-31 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-31 11:20 - 2013-12-31 11:20 - 00915368 _____ (Oracle Corporation) C:\Users\TBLap\Downloads\jxpiinstall.exe 2013-12-31 11:20 - 2013-12-31 11:20 - 00000000 ____D C:\Program Files (x86)\FreeMind 2013-12-31 11:12 - 2013-12-31 11:15 - 37618815 _____ ( ) C:\Users\TBLap\Downloads\FreeMind-Windows-Installer-1.0.0-max.exe 2013-12-23 10:26 - 2013-12-23 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-14 14:28 - 2013-12-14 14:28 - 00000000 ____D C:\Program Files (x86)\Open-Xchange 2013-12-14 03:01 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-14 03:01 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2013-12-14 03:01 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-14 03:01 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-14 03:01 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-14 03:01 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-14 03:01 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-14 03:01 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-14 03:01 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-14 03:01 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-14 03:01 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-14 03:01 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-14 03:01 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-14 03:01 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-14 03:01 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-14 03:01 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-14 03:01 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-14 03:00 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-14 03:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-14 03:00 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2013-12-14 03:00 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-14 03:00 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-14 03:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-14 03:00 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-14 03:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-14 03:00 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-14 03:00 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-14 03:00 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-14 03:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-14 03:00 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-14 03:00 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-14 03:00 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-14 03:00 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-14 03:00 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-14 03:00 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-13 09:33 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-13 09:33 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-13 09:33 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\system32\tzres.dll 2013-12-13 09:33 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-13 09:33 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-13 09:33 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-13 09:33 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-13 09:33 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-13 09:33 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-13 09:33 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-13 09:33 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-13 09:32 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-13 09:32 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-13 09:32 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-13 09:32 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-13 09:32 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-13 09:32 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-13 09:32 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-13 09:32 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe ==================== One Month Modified Files and Folders ======= 2014-01-08 15:24 - 2014-01-07 21:22 - 00000000 ____D C:\Users\TBLap\Downloads\FRST-OlderVersion 2014-01-08 15:24 - 2014-01-03 15:21 - 00017383 _____ 
C:\Users\TBLap\Downloads\FRST.txt 2014-01-08 15:24 - 2014-01-03 15:21 - 00000000 ____D C:\FRST 2014-01-08 15:24 - 2014-01-03 15:19 - 01932624 _____ (Farbar) C:\Users\TBLap\Downloads\FRST64.exe 2014-01-08 15:24 - 2012-11-07 19:49 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Dropbox 2014-01-08 15:23 - 2012-11-22 14:09 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Skype 2014-01-08 15:07 - 2014-01-08 15:07 - 00000000 ____D C:\Users\TBLap\Downloads\ProcessExplorer 2014-01-08 15:07 - 2012-11-07 12:16 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-08 15:04 - 2014-01-08 15:04 - 01191834 _____ C:\Users\TBLap\Downloads\ProcessExplorer.zip 2014-01-08 15:04 - 2012-11-06 19:34 - 01483369 _____ C:\Windows\WindowsUpdate.log 2014-01-08 14:55 - 2013-12-05 00:34 - 00000000 ____D C:\Users\TBLap\AppData\Local\CrashDumps 2014-01-08 14:32 - 2012-12-12 15:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-08 13:08 - 2012-11-30 09:10 - 00000000 ____D C:\Program Files (x86)\LingoPad 2014-01-08 06:40 - 2012-11-07 00:16 - 00000000 ____D C:\Users\TBLap\AppData\Local\OXSTORE2 2014-01-08 06:08 - 2012-11-07 19:34 - 00000000 ___RD C:\Users\TBLap\Google Drive 2014-01-08 06:06 - 2012-11-07 12:16 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-07 22:32 - 2011-04-12 08:43 - 00700592 _____ C:\Windows\system32\perfh007.dat 2014-01-07 22:32 - 2011-04-12 08:43 - 00149356 _____ C:\Windows\system32\perfc007.dat 2014-01-07 22:32 - 2009-07-14 06:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-07 22:15 - 2009-07-14 05:45 - 00022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-07 22:15 - 2009-07-14 05:45 - 00022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-07 22:08 - 2012-11-15 10:04 - 00000000 ___RD C:\Users\TBLap\Dropbox 2014-01-07 22:08 - 2012-11-12 18:27 - 00216935 
_____ C:\ndsvc.log 2014-01-07 22:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-07 22:07 - 2009-07-14 05:51 - 00054624 _____ C:\Windows\setupact.log 2014-01-07 22:04 - 2014-01-07 22:04 - 00007643 _____ C:\Users\TBLap\AppData\Local\Resmon.ResmonCfg 2014-01-07 21:13 - 2014-01-07 21:13 - 00000757 _____ C:\Users\TBLap\Desktop\JRT.txt 2014-01-07 21:07 - 2014-01-07 21:07 - 00000000 ____D C:\Windows\ERUNT 2014-01-07 21:03 - 2014-01-07 21:02 - 01036305 _____ (Thisisu) C:\Users\TBLap\Downloads\JRT.exe 2014-01-07 20:49 - 2014-01-07 20:28 - 00000000 ____D C:\AdwCleaner 2014-01-07 20:30 - 2010-11-21 04:47 - 00069666 _____ C:\Windows\PFRO.log 2014-01-07 20:29 - 2014-01-07 20:29 - 01233962 _____ C:\Users\TBLap\Desktop\adwcleaner.exe 2014-01-07 20:28 - 2014-01-07 20:28 - 01233962 _____ C:\Users\TBLap\Downloads\adwcleaner.exe 2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\Malwarebytes 2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-07 20:19 - 2014-01-07 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-07 20:17 - 2014-01-07 20:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TBLap\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-06 20:15 - 2014-01-06 20:06 - 129598176 _____ C:\Users\TBLap\Downloads\avira_free_antivirus_de.exe 2014-01-06 12:25 - 2014-01-06 12:25 - 00039166 _____ C:\ComboFix.txt 2014-01-06 12:25 - 2014-01-06 10:32 - 00000000 ____D C:\Qoobox 2014-01-06 12:21 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2014-01-06 11:28 - 2012-11-06 19:36 - 00000000 ___RD C:\Users\TBLap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 11:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2014-01-06 11:10 - 2014-01-06 10:32 - 00000000 ____D C:\Windows\erdnt 2014-01-06 11:10 - 2014-01-03 15:21 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+ 2014-01-06 11:07 - 2014-01-03 15:17 - 00000464 _____ 
C:\Users\TBLap\daemonprocess.txt 2014-01-06 10:29 - 2014-01-06 10:28 - 05160001 ____R (Swearware) C:\Users\TBLap\Downloads\ComboFix.exe 2014-01-04 11:23 - 2014-01-03 16:14 - 00000068 _____ C:\Users\TBLap\AppData\Roaming\WB.CFG 2014-01-03 16:48 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Local\genienext 2014-01-03 16:48 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\AppData\Local\cache 2014-01-03 15:24 - 2014-01-03 15:22 - 00038411 _____ C:\Users\TBLap\Downloads\Addition.txt 2014-01-03 15:17 - 2014-01-03 15:17 - 00001107 _____ C:\Users\TBLap\Desktop\Continue AnyProtect Installation.lnk 2014-01-03 15:17 - 2014-01-03 15:17 - 00000000 ____D C:\Users\TBLap\.android 2014-01-03 15:17 - 2012-11-06 19:36 - 00000000 ____D C:\Users\TBLap 2014-01-03 14:58 - 2013-03-23 15:06 - 00000000 ____D C:\ProgramData\BMWiSoftware 2014-01-03 10:47 - 2014-01-03 10:47 - 02209056 _____ C:\Users\TBLap\Downloads\avira-eu-cleaner_de.exe 2014-01-03 10:47 - 2014-01-03 10:47 - 00002025 _____ C:\Users\TBLap\Desktop\Entfernen des Avira EU-Cleaners.lnk 2014-01-03 10:47 - 2014-01-03 10:47 - 00001969 _____ C:\Users\TBLap\Desktop\Avira EU-Cleaner.lnk 2014-01-03 09:45 - 2014-01-03 09:42 - 25647320 _____ (Microsoft Corporation) C:\Users\TBLap\Downloads\Windows-KB890830-x64-V5.7.exe 2014-01-03 08:31 - 2014-01-03 08:31 - 00003130 _____ C:\Windows\System32\Tasks\{2A462003-E8A4-4748-84FD-6CF0C2309A6F} 2014-01-03 08:23 - 2014-01-03 08:23 - 01988724 _____ (Igor Pavlov) C:\Users\TBLap\Downloads\OXConnector.exe 2014-01-03 08:15 - 2013-08-08 10:50 - 00000000 ____D C:\Users\TBLap\AppData\Roaming\vlc 2014-01-03 02:51 - 2014-01-03 02:51 - 01731712 _____ C:\Windows\Minidump\010314-14352-01.dmp 2014-01-03 02:51 - 2013-03-28 16:53 - 523513159 _____ C:\Windows\MEMORY.DMP 2014-01-03 02:51 - 2013-03-28 16:53 - 00000000 ____D C:\Windows\Minidump 2014-01-02 15:58 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-02 15:57 - 2014-01-02 15:57 - 01783632 _____ 
C:\Windows\Minidump\010214-16333-01.dmp 2014-01-02 15:57 - 2012-11-07 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-02 06:31 - 2013-02-14 12:20 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-12-31 11:47 - 2013-12-31 11:25 - 00000000 ____D C:\Users\TBLap\.freemind 2013-12-31 11:24 - 2013-12-31 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-31 11:24 - 2013-12-31 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 11:24 - 2013-12-31 11:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-31 11:20 - 2013-12-31 11:20 - 00915368 _____ (Oracle Corporation) C:\Users\TBLap\Downloads\jxpiinstall.exe 2013-12-31 11:20 - 2013-12-31 11:20 - 00000000 ____D C:\Program Files (x86)\FreeMind 2013-12-31 11:15 - 2013-12-31 11:12 - 37618815 _____ ( ) C:\Users\TBLap\Downloads\FreeMind-Windows-Installer-1.0.0-max.exe 2013-12-23 10:26 - 2013-12-23 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 03:01 - 2013-08-02 10:23 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 14:28 - 2013-12-14 14:28 - 00000000 ____D C:\Program Files (x86)\Open-Xchange 2013-12-14 14:28 - 2012-11-07 00:15 - 00000020 _____ C:\Windows\oxstor32.ini 2013-12-14 14:18 - 2012-11-22 14:09 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-14 14:18 - 2012-11-22 14:08 - 00000000 ____D C:\ProgramData\Skype 2013-12-14 03:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-14 03:18 - 2009-07-14 05:45 - 00432480 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-14 03:01 - 2012-11-06 23:53 - 00000000 ____D 
C:\ProgramData\Microsoft Help 2013-12-13 12:20 - 2013-08-27 14:52 - 00000000 ____D C:\Users\TBLap\AppData\Local\Windows Live 2013-12-13 10:33 - 2012-12-12 15:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-13 10:33 - 2012-11-13 15:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-13 10:33 - 2012-11-13 15:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\TBLap\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-30 11:34 ==================== End Of Log ============================ |
09.01.2014, 00:35 | #12 |
| Oh schrauber, the link to Pro Ex does not work. I downloaded the program directly from MS. Best regards, Tom The System Idle Process shows very high CPU usage, which supposedly is not the problem!!?? At some point the fan is going to fly out of the case.. Last edited by Tom21 (09.01.2014 at 00:45) |
09.01.2014, 13:22 | #13 | ||
/// the machine /// TB-Ausbilder | Quote:
Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
10.01.2014, 14:35 | #14 |
| Hello Schrauber, is everything OK now from your point of view? I still cannot switch on the Defender??!!?? Would you have an alternative to the Defender?? Otherwise I would now try to install the Oxtender again. By now the start window does appear again, but the SW boot keeps aborting. I have attached the message as a .jpg. Best regards, Tom |
11.01.2014, 12:36 | #15 |
/// the machine /// TB-Ausbilder | Malware-wise everything is OK. Please download Windows Repair (All In One) from here.
__________________ Regards, schrauber |