| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: HP Notebook überprüfenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.01.2014, 10:07
| #1 |
 |  HP Notebook überprüfen Ich habe hier ein HP Notebook, wo ich seit letzter zeit festgestellt habe, dass im IE bei einigen Seiten manchmal keine Bilder angezeigt werden sondern nur ein ein schwarzes x angezeigt wird. Auch habe ich bemerkt, wenn ich in ein Suchfeld klicke unterhalb eine Werbung angezeigt wird und ich dort einen Site Search oder Web Search Button bekomme. Dieses Fenster kann ich mit x schließen, aber es kommt immer wieder. Ich verwende auf dem Rechner Antivir. Dort habe ich auch festgestellt, dass ich die Anzeige "Computer ist nicht sicher" bekomme. Der Browser-Schutz ist auf aus. Ich kann ihn aber nicht auf an schalten. Hoffe da kann mir jemand weiterhelfen wie ich diesen Computer wieder sicher machen kann. Vielen Dank |
|
16.01.2014, 10:26
| #2 |
| /// the machine /// TB-Ausbilder    | HP Notebook überprüfen hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
16.01.2014, 12:05
| #3 |
| | HP Notebook überprüfen Hier die frst.txt
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03
Ran by Herbert (administrator) on HERBERT on 16-01-2014 11:59:23
Running from C:\Users\Herbert\Desktop\x
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Google Inc.) C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbarsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Dropbox, Inc.) C:\Users\Herbert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Telekom Austria\aonFlex\Guard.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VER_COMPANY_NAME) C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbrmon64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [MyImageConverter EPM Support] - C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jmedint.exe [12872 2014-01-06] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [MyImageConverter_8j Browser Plugin Loader 64] - C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbrmon64.exe [71752 2014-01-06] (VER_COMPANY_NAME)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-25] (Google Inc.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Herbert Baumgartner\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Herbert Baumgartner\...\Run: [Google Update] - C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-25] (Google Inc.)
HKU\Herbert Baumgartner\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\Herbert Baumgartner\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKU\Herbert Baumgartner\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\Herbert Baumgartner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Herbert Baumgartner\...\Policies\system: [DisableChangePassword] 0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Herbert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Herbert Baumgartner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Herbert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9B137E3CC435CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {4491333A-BE23-4018-931D-D8ADF1591333} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&q={searchTerms}
SearchScopes: HKLM-x32 - {94bd6970-1a83-41dc-9be5-bf50b3d0238f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AZ0^xdm036^YYA^at&si=FL_Image_FIG_AUS_4&ptb=2BAC5A2F-B733-48BB-AFED-11C632777C4D&ind=2014010612&n=780b5cf4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&q={searchTerms}
SearchScopes: HKCU - {94bd6970-1a83-41dc-9be5-bf50b3d0238f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AZ0^xdm036^YYA^at&si=FL_Image_FIG_AUS_4&ptb=2BAC5A2F-B733-48BB-AFED-11C632777C4D&ind=2014010612&n=780b5cf4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&q={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files (x86)\Browser Guard\browserguard.dll (Browser Guard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Herbert\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Herbert\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-15] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default
FF user.js: detected! => C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\user.js
FF NewTab: about:home
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
FF NetworkProxy: "ftp", ":"
FF NetworkProxy: "http", ":"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", ":"
FF NetworkProxy: "ssl", ":"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @MyImageConverter_8j.com/Plugin - C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\NP8jStub.dll (Mindspark)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Herbert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Herbert\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Herbert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Herbert\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Herbert\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Herbert\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Herbert\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Herbert\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\searchplugins\holasearch.xml
FF SearchPlugin: C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MyImageConverter - C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\8jffxtbr@MyImageConverter_8j.com [2014-01-06]
FF Extension: HomeTab - C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} [2013-10-01]
FF Extension: ImTranslator - C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi
FF Extension: Browser Guard - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2013-08-27]
Chrome:
=======
CHR HomePage: hxxp://www.google.at/
CHR RestoreOnStartup: "hxxp://www.google.at/", "about:newtab?source=home"
CHR DefaultSearchKeyword: search.sweetim.com
CHR DefaultSearchProvider: SweetIM Search
CHR DefaultSearchURL: hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=17&barid={2B8CF2A0-35BF-461B-97DA-431C4EBDA71A}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Herbert\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Herbert\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Herbert\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Simple Pass 2011) - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (HomeTab) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddpogknpjlgfpbboediomaiiaecfajn\4.4_0 [2013-10-01]
CHR Extension: (YouTube) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-12]
CHR Extension: (Google Search) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-04-01]
CHR Extension: (Any.do Extension) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem\1.0.3.8_0 [2013-10-08]
CHR Extension: (Browser Guard) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfepagcelbegkpkcjgfeecmlnmkedjin\0.1_0 [2013-10-01]
CHR Extension: (Google Wallet) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR Extension: (Gmail) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-02-27]
CHR HKLM-x32\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files (x86)\Browser Guard\browserguard.crx [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]
CHR StartMenuInternet: Google Chrome - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MyImageConverter_8jService; C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbarsvc.exe [88648 2014-01-06] (COMPANYVERS_NAME)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-01] (soft Xpansion)
R2 TAGuard; C:\Program Files (x86)\Telekom Austria\aonFlex\Guard.exe [1359200 2008-09-17] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-16 11:59 - 2014-01-16 11:59 - 00000000 ____D C:\FRST
2014-01-16 11:57 - 2014-01-16 11:59 - 00000000 ____D C:\Users\Herbert\Desktop\x
2014-01-15 18:16 - 2014-01-15 18:16 - 00262144 _____ C:\Windows\Minidump\011514-25256-01.dmp
2014-01-15 18:05 - 2014-01-15 18:05 - 00262144 _____ C:\Windows\Minidump\011514-35615-01.dmp
2014-01-15 13:57 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 13:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 13:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 10:48 - 2014-01-15 10:48 - 00262144 _____ C:\Windows\Minidump\011514-60450-01.dmp
2014-01-15 09:54 - 2014-01-15 09:54 - 00262144 _____ C:\Windows\Minidump\011514-33977-01.dmp
2014-01-15 09:22 - 2014-01-15 09:22 - 00262144 _____ C:\Windows\Minidump\011514-20966-01.dmp
2014-01-12 17:13 - 2014-01-12 17:13 - 00262144 _____ C:\Windows\Minidump\011214-24757-01.dmp
2014-01-12 12:58 - 2014-01-12 12:59 - 00262144 _____ C:\Windows\Minidump\011214-19905-01.dmp
2014-01-09 08:21 - 2014-01-09 08:21 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\GutscheinCodes
2014-01-09 08:20 - 2014-01-09 08:20 - 00002960 _____ C:\Windows\System32\Tasks\{6F34E554-BF79-4A99-A03C-53B5B124D104}
2014-01-06 19:34 - 2014-01-06 19:34 - 00262144 _____ C:\Windows\Minidump\010614-49358-01.dmp
2014-01-06 18:44 - 2014-01-06 18:44 - 00262144 _____ C:\Windows\Minidump\010614-20482-01.dmp
2014-01-06 18:03 - 2014-01-06 18:04 - 00000000 ____D C:\Users\Herbert\AppData\Local\MyImageConverter_8j
2014-01-06 18:03 - 2014-01-06 18:03 - 00000000 ____D C:\Users\Herbert\AppData\Local\IAC
2014-01-06 18:03 - 2014-01-06 18:03 - 00000000 ____D C:\Program Files (x86)\MyImageConverter_8j
2014-01-06 18:01 - 2014-01-06 18:01 - 00066607 _____ C:\Users\Herbert\Downloads\PFYDL_04_1b.inx
2014-01-06 15:08 - 2014-01-06 15:09 - 00262144 _____ C:\Windows\Minidump\010614-21091-01.dmp
2014-01-05 16:50 - 2014-01-06 10:51 - 00035328 ____H C:\Users\Herbert\Desktop\~WRL1198.tmp
2014-01-05 16:50 - 2014-01-05 18:02 - 00032768 ____H C:\Users\Herbert\Desktop\~WRL0603.tmp
2014-01-05 16:50 - 2014-01-05 17:07 - 00030208 ____H C:\Users\Herbert\Desktop\~WRL3189.tmp
2014-01-05 16:50 - 2014-01-05 16:50 - 00029696 ____H C:\Users\Herbert\Desktop\~WRL2075.tmp
2014-01-02 17:30 - 2014-01-02 17:30 - 00262144 _____ C:\Windows\Minidump\010214-31215-01.dmp
2013-12-31 16:13 - 2013-12-31 16:13 - 00262144 _____ C:\Windows\Minidump\123113-19936-01.dmp
2013-12-30 22:47 - 2013-12-30 22:59 - 00003364 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:47 - 2013-12-30 22:59 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:47 - 2013-12-30 22:47 - 00003384 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-18 18:32 - 2013-12-18 18:32 - 00262144 _____ C:\Windows\Minidump\121813-21590-01.dmp
==================== One Month Modified Files and Folders =======
2014-01-16 11:59 - 2014-01-16 11:59 - 00000000 ____D C:\FRST
2014-01-16 11:59 - 2014-01-16 11:57 - 00000000 ____D C:\Users\Herbert\Desktop\x
2014-01-16 11:59 - 2011-09-23 00:44 - 01676551 _____ C:\Windows\WindowsUpdate.log
2014-01-16 11:54 - 2012-11-03 11:29 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Skype
2014-01-16 11:54 - 2012-11-03 11:28 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Dropbox
2014-01-16 11:54 - 2012-08-09 13:00 - 00000000 ___RD C:\Users\Herbert Baumgartner\Dropbox
2014-01-16 11:51 - 2012-11-02 17:11 - 00031160 _____ C:\Windows\setupact.log
2014-01-16 11:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-16 09:47 - 2012-11-03 11:29 - 00001022 _____ C:\Users\Herbert\Desktop\Dropbox.lnk
2014-01-16 09:47 - 2012-11-03 11:28 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 09:47 - 2012-11-03 11:22 - 00000000 ___RD C:\Users\Herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 09:36 - 2012-12-03 09:18 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-16 09:33 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-16 09:33 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 18:29 - 2012-11-03 13:48 - 01527912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-15 18:29 - 2011-07-16 05:07 - 00657938 _____ C:\Windows\system32\perfh007.dat
2014-01-15 18:29 - 2011-07-16 05:07 - 00131296 _____ C:\Windows\system32\perfc007.dat
2014-01-15 18:16 - 2014-01-15 18:16 - 00262144 _____ C:\Windows\Minidump\011514-25256-01.dmp
2014-01-15 18:16 - 2013-11-19 20:49 - 668873485 _____ C:\Windows\MEMORY.DMP
2014-01-15 18:16 - 2013-02-28 22:12 - 00000000 ____D C:\Windows\Minidump
2014-01-15 18:05 - 2014-01-15 18:05 - 00262144 _____ C:\Windows\Minidump\011514-35615-01.dmp
2014-01-15 17:58 - 2009-07-14 05:45 - 00288936 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 17:04 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2014-01-15 17:03 - 2013-07-29 20:01 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 17:01 - 2012-02-24 22:50 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 10:56 - 2009-07-14 06:13 - 01507500 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 10:48 - 2014-01-15 10:48 - 00262144 _____ C:\Windows\Minidump\011514-60450-01.dmp
2014-01-15 09:54 - 2014-01-15 09:54 - 00262144 _____ C:\Windows\Minidump\011514-33977-01.dmp
2014-01-15 09:28 - 2012-11-03 12:09 - 00000000 ____D C:\Users\Herbert\Documents\Betrieb LW
2014-01-15 09:27 - 2012-02-26 19:56 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-15 09:22 - 2014-01-15 09:22 - 00262144 _____ C:\Windows\Minidump\011514-20966-01.dmp
2014-01-15 08:54 - 2012-11-03 12:10 - 00000000 ____D C:\Users\Herbert\Documents\Comic1
2014-01-12 17:13 - 2014-01-12 17:13 - 00262144 _____ C:\Windows\Minidump\011214-24757-01.dmp
2014-01-12 12:59 - 2014-01-12 12:58 - 00262144 _____ C:\Windows\Minidump\011214-19905-01.dmp
2014-01-10 07:31 - 2012-11-02 17:11 - 00145812 _____ C:\Windows\PFRO.log
2014-01-09 08:43 - 2012-12-24 09:25 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2014-01-09 08:41 - 2013-04-09 07:46 - 00000000 ____D C:\Program Files (x86)\WordToPDF
2014-01-09 08:21 - 2014-01-09 08:21 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\GutscheinCodes
2014-01-09 08:20 - 2014-01-09 08:20 - 00002960 _____ C:\Windows\System32\Tasks\{6F34E554-BF79-4A99-A03C-53B5B124D104}
2014-01-07 21:39 - 2013-10-22 19:00 - 00001975 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-01-06 19:34 - 2014-01-06 19:34 - 00262144 _____ C:\Windows\Minidump\010614-49358-01.dmp
2014-01-06 18:44 - 2014-01-06 18:44 - 00262144 _____ C:\Windows\Minidump\010614-20482-01.dmp
2014-01-06 18:04 - 2014-01-06 18:03 - 00000000 ____D C:\Users\Herbert\AppData\Local\MyImageConverter_8j
2014-01-06 18:03 - 2014-01-06 18:03 - 00000000 ____D C:\Users\Herbert\AppData\Local\IAC
2014-01-06 18:03 - 2014-01-06 18:03 - 00000000 ____D C:\Program Files (x86)\MyImageConverter_8j
2014-01-06 18:03 - 2012-11-03 11:25 - 00000000 ____D C:\Users\Herbert\AppData\Local\CrashDumps
2014-01-06 18:01 - 2014-01-06 18:01 - 00066607 _____ C:\Users\Herbert\Downloads\PFYDL_04_1b.inx
2014-01-06 15:09 - 2014-01-06 15:08 - 00262144 _____ C:\Windows\Minidump\010614-21091-01.dmp
2014-01-06 10:51 - 2014-01-05 16:50 - 00035328 ____H C:\Users\Herbert\Desktop\~WRL1198.tmp
2014-01-05 18:02 - 2014-01-05 16:50 - 00032768 ____H C:\Users\Herbert\Desktop\~WRL0603.tmp
2014-01-05 17:07 - 2014-01-05 16:50 - 00030208 ____H C:\Users\Herbert\Desktop\~WRL3189.tmp
2014-01-05 16:50 - 2014-01-05 16:50 - 00029696 ____H C:\Users\Herbert\Desktop\~WRL2075.tmp
2014-01-04 09:46 - 2012-11-03 12:28 - 00000000 ____D C:\Users\Herbert\Documents\Privat
2014-01-04 09:37 - 2012-09-07 11:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2014-01-02 17:30 - 2014-01-02 17:30 - 00262144 _____ C:\Windows\Minidump\010214-31215-01.dmp
2013-12-31 16:13 - 2013-12-31 16:13 - 00262144 _____ C:\Windows\Minidump\123113-19936-01.dmp
2013-12-31 08:43 - 2012-02-24 22:03 - 00000000 ____D C:\ProgramData\Skype
2013-12-31 08:42 - 2012-02-24 22:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-31 08:39 - 2012-04-28 18:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 22:59 - 2013-12-30 22:47 - 00003364 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:59 - 2013-12-30 22:47 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:59 - 2013-02-06 08:01 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:59 - 2013-02-06 08:01 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:47 - 2013-12-30 22:47 - 00003384 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 18:33 - 2013-12-10 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 10:34 - 2012-03-30 14:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 08:34 - 2012-03-30 14:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-20 08:34 - 2012-03-30 14:54 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-20 08:34 - 2011-07-15 19:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-20 08:08 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-19 19:16 - 2012-11-03 12:11 - 00000000 ____D C:\Users\Herbert\Documents\Herbalife
2013-12-19 15:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 18:32 - 2013-12-18 18:32 - 00262144 _____ C:\Windows\Minidump\121813-21590-01.dmp
2013-12-18 18:25 - 2013-05-06 12:25 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-18 18:25 - 2013-03-28 19:42 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 18:25 - 2013-03-28 19:42 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
Some content of TEMP:
====================
C:\Users\Herbert\AppData\Local\Temp\apptorun.exe
C:\Users\Herbert\AppData\Local\Temp\AskSLib.dll
C:\Users\Herbert\AppData\Local\Temp\avgnt.exe
C:\Users\Herbert\AppData\Local\Temp\Execute2App.exe
C:\Users\Herbert\AppData\Local\Temp\Installer.exe
C:\Users\Herbert\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Herbert\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Herbert\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Herbert\AppData\Local\Temp\msvcp90.dll
C:\Users\Herbert\AppData\Local\Temp\msvcr90.dll
C:\Users\Herbert\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Herbert\AppData\Local\Temp\stubhelper.dll
C:\Users\Herbert\AppData\Local\Temp\uninst1.exe
C:\Users\Herbert Baumgartner\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-11-05 16:27
==================== End Of Log ============================
und die Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014 03
Ran by Herbert at 2014-01-16 12:01:13
Running from C:\Users\Herbert\Desktop\x
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
AddPrinterx32 (x32 Version: 50.0.165.000 - HP) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
aonUpdate (x32 Version: - Telekom Austria TA AG)
aonUpdate (x32 Version: 1.3 - Telekom Austria TA AG) Hidden
Ask Toolbar (x32 Version: 1.15.10.0 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (Version: 3.0.816.0 - ATI Technologies, Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.4.1.29781 - Ask.com)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Breitband-Internet-Installation (x32 Version: - Telekom Austria TA AG)
Breitband-Internet-Installation (x32 Version: 1.0.0.1 - Telekom Austria TA AG) Hidden
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.86 - Broadcom Corporation)
Broadcom Bluetooth Software (Version: 6.5.0.1300 - Broadcom Corporation)
Broadcom InConcert Maestro (Version: 1.0.1.1300 - Broadcom Corporation)
Browser Guard (x32 Version: - )
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon Easy-WebPrint EX (x32 Version: 1.3.5.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32 Version: - )
Canon MP Navigator EX 4.0 (x32 Version: - )
Canon MP280 series Benutzerregistrierung (x32 Version: - )
Canon MP280 series MP Drivers (Version: - )
Canon My Printer (x32 Version: - )
Canon Solution Menu EX (x32 Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0508.224.2391 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0508.224.2391 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0508.224.2391 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0508.224.2391 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0508.224.2391 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help English (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help French (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help German (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0508.0223.2391 - ATI) Hidden
ccc-utility64 (Version: 2011.0508.224.2391 - ATI) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (x32 Version: 3.5.1.4119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.4119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HomeTab 4.4 (x32 Version: 4.4 - HomeTab)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.1.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP Launch Box (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (x32 Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (x32 Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.6.3 - Hewlett-Packard Company)
HP QuickWeb (x32 Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (x32 Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP Software Framework (x32 Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 6.1.12.1 - Hewlett-Packard Company)
IDT Audio (x32 Version: 1.0.6341.0 - IDT)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 37 (x32 Version: 6.0.370 - Oracle)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Desktop (x32 Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobile Breitband-Internet-Installation (x32 Version: - Telekom Austria TA AG)
Mobile Breitband-Internet-Installation (x32 Version: 1.0 - Telekom Austria TA AG) Hidden
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 22.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MusicStation (x32 Version: 2.0.5.71 - Omnifone)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Security Scan (x32 Version: 3.7.2.10 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (x32 Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RedMon - Redirection Port Monitor (Version: - )
Samsung Kies (x32 Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (x32 Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SweetPacks bundle uninstaller (x32 Version: 1.0.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics TouchPad Driver (Version: 15.3.29.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VIP Access SDK (1.0.1.2) (x32 Version: 1.0.1.2 - Symantec Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
18-12-2013 17:25:45 Removed Java 7 Update 45
31-12-2013 13:15:35 Geplanter Prüfpunkt
09-01-2014 07:41:54 Removed SweetPacks bundle uninstaller
15-01-2014 16:01:04 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0D7CAAF1-F3F4-4C89-B39F-909894DB463E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {14D95B9A-372B-43E1-A7A8-04AE99ED339C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3782615187-734511086-1096893380-1003UA => C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
Task: {1B854E71-92D5-4359-B73E-F5682E3CFB73} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {36763A9C-E6D8-4A21-83FB-6F3A38B1CB72} - System32\Tasks\Norton Security Scan for Herbert Baumgartner => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
Task: {3C2149D1-5EB0-455E-9A0A-A2A97E885C16} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {427E0AF6-C2F1-4626-B23A-7857ACE66B64} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {4EB9E5C4-1F34-4958-BABD-3643FA4D589E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-20] (Adobe Systems Incorporated)
Task: {5C619A1F-E6E7-4DAA-B10B-90635B584F6D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3782615187-734511086-1096893380-1003Core => C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
Task: {697572F3-BAC8-461B-AB37-8FBC61CCE17D} - System32\Tasks\HPCeeScheduleForHerbert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {6A4D5DDC-7535-46AD-9B48-DD2E57ADF085} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {76C729FE-3AD4-4786-BC55-278848BB120D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {7AF744A7-5E67-4165-92E2-0CC79CAF351A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {7EB7FEB7-14C3-40DA-88A9-6FAF61FDBBF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {9FE3EFAD-39B8-43A9-BA78-49AE7FDC4ECF} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-19] ()
Task: {A30DB6EE-E937-4966-8B23-7E33AD133C96} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A4909339-064B-43B9-B194-AC23B35719A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {A6F33BAC-C3B1-452B-8FDC-BC68E387DD22} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A7280EB6-5756-45F0-80B0-CEF409779CE8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AEA232B6-007F-446F-9288-FAC43B08D9A6} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {BEDF71C1-A6D7-49F2-B9B6-E5040724CC28} - System32\Tasks\HPCeeScheduleForHerbert Baumgartner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C3F9558E-3806-4A4A-A4CB-014CA46837FF} - System32\Tasks\Norton Security Scan for Herbert => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.10\Nss.exe [2012-11-02] (Symantec Corporation)
Task: {C9CA3D80-1CB3-417A-92E2-CE2CBF8A88B5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CA030364-5572-46C7-BB93-10140A802F16} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D3557BC1-1778-4AF1-9389-9AB8E7EF30AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {D7836AC4-F58A-4F49-B731-18AE16BEBFFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {DE227D3F-4FA0-440D-BE73-593FAA60FD48} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\ProtectedSearch.exe [2013-08-13] (Simplygen) <==== ATTENTION
Task: {DE8E3C2B-3F12-4B59-B328-0218B2FCC410} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3782615187-734511086-1096893380-1001Core => C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
Task: {E61728B8-83F3-4487-A630-15E304B34FF0} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {EC121D37-E6A2-402A-8CAC-5148F58A8B1A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {EFF9F8D7-0A15-4A25-B461-ED8A9D970DD8} - System32\Tasks\{6F34E554-BF79-4A99-A03C-53B5B124D104} => C:\Program Files (x86)\WordToPDF\WordToPDF.exe [2012-12-28] (www.smile-to-me.de)
Task: {F4048059-2C3D-4E20-AEDE-77B305FAA682} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3782615187-734511086-1096893380-1001UA => C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
Task: {F5959F68-E3F7-4E1D-92F5-973D923A46C5} - System32\Tasks\HPCeeScheduleForHERBERT$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {FA00D433-9BEF-4433-81AF-103CD119ECD2} - System32\Tasks\Browser Updater\Browser Updater => Rundll32.exe "C:\Program Files (x86)\HomeTab\TBUpdater.dll",TBCheckForUpdate
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782615187-734511086-1096893380-1001Core.job => C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782615187-734511086-1096893380-1001UA.job => C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782615187-734511086-1096893380-1003Core.job => C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782615187-734511086-1096893380-1003UA.job => C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHerbert Baumgartner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHERBERT$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHerbert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Herbert Baumgartner.job => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
Task: C:\Windows\Tasks\Norton Security Scan for Herbert.job => C:\PROGRA~2\NORTON~2\Engine\372~1.10\Nss.exe
==================== Loaded Modules (whitelisted) =============
2011-04-15 19:16 - 2011-04-15 19:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-16 17:57 - 2011-06-16 17:57 - 00081696 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeLib.dll
2011-05-12 13:13 - 2011-05-12 13:13 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-05-08 01:23 - 2011-05-08 01:23 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-02 17:22 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Herbert\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-15 19:43 - 2013-08-15 19:43 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2011-09-23 00:43 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2014 11:52:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2014 10:07:59 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
Error: (01/16/2014 10:07:59 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
Error: (01/16/2014 09:25:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2014 06:32:15 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
Error: (01/15/2014 06:32:15 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
Error: (01/15/2014 06:18:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2014 06:06:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2014 05:59:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2014 05:56:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/16/2014 11:52:48 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (01/16/2014 11:51:49 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (01/16/2014 11:51:46 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (01/16/2014 09:24:59 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (01/16/2014 09:23:53 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (01/16/2014 09:23:52 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (01/15/2014 06:18:33 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (01/15/2014 06:17:03 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (01/15/2014 06:17:01 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (01/15/2014 06:16:53 PM) (Source: BugCheck) (User: )
Description: 0x00000050 (0xfffff880d602cfa0, 0x0000000000000000, 0xfffff88005af5c75, 0x0000000000000005)C:\Windows\MEMORY.DMP011514-25256-01
Microsoft Office Sessions:
=========================
Error: (01/16/2014 11:52:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2014 10:07:59 AM) (Source: ATIeRecord)(User: )
Description:
Error: (01/16/2014 10:07:59 AM) (Source: ATIeRecord)(User: )
Description:
Error: (01/16/2014 09:25:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2014 06:32:15 PM) (Source: ATIeRecord)(User: )
Description:
Error: (01/15/2014 06:32:15 PM) (Source: ATIeRecord)(User: )
Description:
Error: (01/15/2014 06:18:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2014 06:06:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2014 05:59:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2014 05:56:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2013-10-09 07:45:37.623
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-09 07:45:37.583
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-09 07:45:35.216
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-09 07:45:35.177
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-09 07:45:31.958
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-09 07:45:31.925
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-09 07:45:29.583
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-09 07:45:29.534
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-09 07:45:27.141
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-09 07:45:27.104
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 6091.86 MB
Available physical RAM: 3436.21 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 9251.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:678.02 GB) (Free:434.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:16.45 GB) (Free:1.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.96 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: CF92579A)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=678 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
==================== End Of Log ============================
|
|
17.01.2014, 11:58
| #4 |
| /// the machine /// TB-Ausbilder | HP Notebook überprüfen Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.01.2014, 18:42
| #5 |
| | HP Notebook überprüfen Danke für die Antwort. Hier die Dateien malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.17.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Herbert :: HERBERT [Administrator] Schutz: Aktiviert 17.01.2014 16:56:05 mbam-log-2014-01-17 (16-56-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 267204 Laufzeit: 11 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\Herbert\AppData\Roaming\HomeTab\HomeTab.dll (PUP.Optional.HomeTab.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 17 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{327b0f8c-49d9-466c-a8ab-0c30310a3ad0}_is1 (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{3c98be86-cf79-4484-a2b2-dfe1ee126592} (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{2690da64-4be2-4afa-b159-af0e41f23b6e} (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687} (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wtb.NotificationSource.1 (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wtb.NotificationSource (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{a25e7121-3dd8-41b3-855b-756c5bc45449} (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wtb.Band.1 (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wtb.Band (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A25E7121-3DD8-41B3-855B-756C5BC45449} (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A25E7121-3DD8-41B3-855B-756C5BC45449} (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A25E7121-3DD8-41B3-855B-756C5BC45449} (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\SMARTBAR (PUP.Optional.SnapDo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A25E7121-3DD8-41B3-855B-756C5BC45449} (PUP.Optional.HomeTab.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Smartbar|publisher (PUP.Optional.SnapDo.A) -> Daten: SnapdoSoftonicYB -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sweetpacks Communicator (PUP.Optional.SweetPacks.A) -> Daten: C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {2B8CF2A0-35BF-461B-97DA-431C4EBDA71A} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 8 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 14 C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\SimplyTech\home (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\components (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\plugins (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\OpenCandy\69D1A2364AA240C8A0DE978CA97B5902 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\OpenCandy\886D317F02B54C60A1A28CCA2C533EEA (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 46 C:\Users\Herbert\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Local\Temp\2827278562\chromeupdaterfull.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Local\Temp\4108845567\simboapp.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Local\Temp\EAAD38BD-BAB0-7891-9833-728557B5AEF0\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Local\Temp\EAAD38BD-BAB0-7891-9833-728557B5AEF0\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Local\Temp\EAAD38BD-BAB0-7891-9833-728557B5AEF0\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Local\DownloadGuide\Offers\hometab.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Launcher.exe (PUP.Optional.Simplytech) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\49e46.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\SimplyTech\home\home.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\SimplyTech\home\jquery-ui-1.10.1.custom.min.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\SimplyTech\home\jquiso.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\SimplyTech\home\style.css (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\SimplyTech\home\vars.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\Microsoft.Win32.TaskScheduler.xml (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\cinshlpr.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\hometab_icon.ico (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\InstallHelper.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\Interop.IWshRuntimeLibrary.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\ProtectedSearch.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\ProtectedSearch.ico (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\STInst64.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\STInst64.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\System.Data.SQLite.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\TaskSchedulerCreator.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\TBUpdater.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\ToolbarUninstall.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\unins000.dat (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\unins000.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\chrome.manifest (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\install.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\install.rdf (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\pop.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\chrome\HomeTab_6787.jar (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\components\wtb_complete.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\plugins\npwiddit.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeTab\Protected Search Settings.lnk (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\HomeTab\HomeTab.dll (PUP.Optional.HomeTab.A) -> Löschen bei Neustart. C:\Users\Herbert\AppData\Roaming\OpenCandy\69D1A2364AA240C8A0DE978CA97B5902\PasswordBoxCHSTORE_p1v0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\OpenCandy\886D317F02B54C60A1A28CCA2C533EEA\TuneUpUtilities2013-2200213_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Herbert\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 17/01/2014 um 17:24:52
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Herbert - HERBERT
# Gestartet von : C:\Users\Herbert\Desktop\x\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\SoftwareUpdater
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\TEMP\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\TEMP\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\TEMP\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\TEMP\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Herbert Baumgartner\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Herbert Baumgartner\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Herbert Baumgartner\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Herbert\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Herbert\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Herbert\AppData\Local\iac
Ordner Gelöscht : C:\Users\Herbert\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Herbert\AppData\LocalLow\GutscheinCodes
Ordner Gelöscht : C:\Users\Herbert\AppData\LocalLow\HomeTab
Ordner Gelöscht : C:\Users\Herbert\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Herbert\AppData\Roaming\GutscheinCodes
Ordner Gelöscht : C:\Users\Herbert\AppData\Roaming\HomeTab
Ordner Gelöscht : C:\Users\Herbert\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Herbert\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Herbert\AppData\Roaming\SimplyTech
Ordner Gelöscht : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Datei Gelöscht : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\pdfforge@mybrowserbar.com
Datei Gelöscht : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\wtxpcom@mybrowserbar.com
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Herbert Baumgartner\Desktop\Search The Web.url
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\searchplugins\holasearch.xml
Datei Gelöscht : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Browser Updater
Datei Gelöscht : C:\Windows\System32\Tasks\ProtectedSearch
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5b53d8deb068ed41
Schlüssel Gelöscht : HKLM\SOFTWARE\5b53d8deb068ed41
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf24-creator_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf24-creator_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-movie-maker-2012_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-movie-maker-2012_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyImageConverter_8j Browser Plugin Loader 64]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F905535E-9C87-4A3F-8A3E-4E3B54C461C5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B6EF34C0188ECFA43B48A4BE9C00748E
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B6EF34C0188ECFA43B48A4BE9C00748E
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
-\\ Mozilla Firefox v22.0 (de)
[ Datei : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
[ Datei : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.holasearch.admin", false);
Zeile gelöscht : user_pref("extensions.holasearch.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Zeile gelöscht : user_pref("extensions.holasearch.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.holasearch.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.holasearch.excTlbr", false);
Zeile gelöscht : user_pref("extensions.holasearch.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.holasearch.id", "0e674d1000000000000060d819ddb03d");
Zeile gelöscht : user_pref("extensions.holasearch.instlDay", "15805");
Zeile gelöscht : user_pref("extensions.holasearch.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.holasearch.newTab", false);
Zeile gelöscht : user_pref("extensions.holasearch.prdct", "holasearch");
Zeile gelöscht : user_pref("extensions.holasearch.prtnrId", "holasearch");
Zeile gelöscht : user_pref("extensions.holasearch.rvrt", "false");
Zeile gelöscht : user_pref("extensions.holasearch.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.holasearch.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.holasearch.vrsnTs", "1.8.16.168:28:11");
Zeile gelöscht : user_pref("extensions.holasearch.vrsni", "1.8.16.16");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=17&barid={2B8CF2A0-35BF-461B-97DA-431C4EBDA71A}");
-\\ Google Chrome v
[ Datei : C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : urls_to_restore_on_startup
[ Datei : C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : search_url
Gelöscht : keyword
*************************
AdwCleaner[R0].txt - [23864 octets] - [17/01/2014 17:22:50]
AdwCleaner[S0].txt - [21855 octets] - [17/01/2014 17:24:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21916 octets] ##########
Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 17/01/2014 um 17:22:50
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Herbert - HERBERT
# Gestartet von : C:\Users\Herbert\Desktop\x\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\pdfforge@mybrowserbar.com
Datei Gefunden : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\wtxpcom@mybrowserbar.com
Datei Gefunden : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\Herbert Baumgartner\Desktop\Search The Web.url
Datei Gefunden : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\searchplugins\holasearch.xml
Datei Gefunden : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\user.js
Datei Gefunden : C:\Windows\System32\roboot64.exe
Datei Gefunden : C:\Windows\System32\Tasks\Browser Updater
Datei Gefunden : C:\Windows\System32\Tasks\ProtectedSearch
Datei Gefunden : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Ordner Gefunden : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gefunden : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gefunden C:\Program Files (x86)\Ask.com
Ordner Gefunden C:\Program Files (x86)\myfree codec
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\SoftwareUpdater
Ordner Gefunden C:\Users\Herbert Baumgartner\AppData\LocalLow\AskToolbar
Ordner Gefunden C:\Users\Herbert Baumgartner\AppData\LocalLow\pdfforge
Ordner Gefunden C:\Users\Herbert Baumgartner\AppData\LocalLow\Search Settings
Ordner Gefunden C:\Users\Herbert\AppData\Local\AskToolbar
Ordner Gefunden C:\Users\Herbert\AppData\Local\DownloadGuide
Ordner Gefunden C:\Users\Herbert\AppData\Local\iac
Ordner Gefunden C:\Users\Herbert\AppData\LocalLow\AskToolbar
Ordner Gefunden C:\Users\Herbert\AppData\LocalLow\GutscheinCodes
Ordner Gefunden C:\Users\Herbert\AppData\LocalLow\HomeTab
Ordner Gefunden C:\Users\Herbert\AppData\LocalLow\SimplyTech
Ordner Gefunden C:\Users\Herbert\AppData\Roaming\GutscheinCodes
Ordner Gefunden C:\Users\Herbert\AppData\Roaming\HomeTab
Ordner Gefunden C:\Users\Herbert\AppData\Roaming\pdfforge
Ordner Gefunden C:\Users\Herbert\AppData\Roaming\PerformerSoft
Ordner Gefunden C:\Users\Herbert\AppData\Roaming\SimplyTech
Ordner Gefunden C:\Users\TEMP\AppData\Local\AskToolbar
Ordner Gefunden C:\Users\TEMP\AppData\LocalLow\AskToolbar
Ordner Gefunden C:\Users\TEMP\AppData\LocalLow\pdfforge
Ordner Gefunden C:\Users\TEMP\AppData\LocalLow\Search Settings
Ordner Gefunden C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\5b53d8deb068ed41
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Simplytech\HomeTab
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\filescout
Schlüssel Gefunden : HKCU\Software\HomeTab
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\simplytech
Schlüssel Gefunden : HKCU\Software\Simplytech\HomeTab
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\AskToolbar
Schlüssel Gefunden : [x64] HKCU\Software\filescout
Schlüssel Gefunden : [x64] HKCU\Software\HomeTab
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gefunden : [x64] HKCU\Software\simplytech
Schlüssel Gefunden : [x64] HKCU\Software\Simplytech\HomeTab
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\5b53d8deb068ed41
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\B6EF34C0188ECFA43B48A4BE9C00748E
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\B6EF34C0188ECFA43B48A4BE9C00748E
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F905535E-9C87-4A3F-8A3E-4E3B54C461C5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Wow6432Node\AppID\GutscheinCodes.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf24-creator_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf24-creator_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-movie-maker-2012_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-movie-maker-2012_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyImageConverter_8j Browser Plugin Loader 64]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&q=%s
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&q=%s
-\\ Mozilla Firefox v22.0 (de)
[ Datei : C:\Users\Herbert Baumgartner\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\prefs.js ]
Zeile gefunden : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gefunden : user_pref("browser.search.order.1", "Web Search");
Zeile gefunden : user_pref("browser.search.defaultengine", "Web Search");
Zeile gefunden : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gefunden : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=");
Zeile gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
[ Datei : C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\prefs.js ]
Zeile gefunden : user_pref("browser.search.defaultengine", "Web Search");
Zeile gefunden : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gefunden : user_pref("browser.search.order.1", "Web Search");
Zeile gefunden : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gefunden : user_pref("extensions.holasearch.admin", false);
Zeile gefunden : user_pref("extensions.holasearch.aflt", "babsst");
Zeile gefunden : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Zeile gefunden : user_pref("extensions.holasearch.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.holasearch.dfltLng", "en");
Zeile gefunden : user_pref("extensions.holasearch.excTlbr", false);
Zeile gefunden : user_pref("extensions.holasearch.ffxUnstlRst", false);
Zeile gefunden : user_pref("extensions.holasearch.id", "0e674d1000000000000060d819ddb03d");
Zeile gefunden : user_pref("extensions.holasearch.instlDay", "15805");
Zeile gefunden : user_pref("extensions.holasearch.instlRef", "sst");
Zeile gefunden : user_pref("extensions.holasearch.newTab", false);
Zeile gefunden : user_pref("extensions.holasearch.prdct", "holasearch");
Zeile gefunden : user_pref("extensions.holasearch.prtnrId", "holasearch");
Zeile gefunden : user_pref("extensions.holasearch.rvrt", "false");
Zeile gefunden : user_pref("extensions.holasearch.smplGrp", "none");
Zeile gefunden : user_pref("extensions.holasearch.tlbrId", "base");
Zeile gefunden : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Zeile gefunden : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Zeile gefunden : user_pref("extensions.holasearch.vrsnTs", "1.8.16.168:28:11");
Zeile gefunden : user_pref("extensions.holasearch.vrsni", "1.8.16.16");
Zeile gefunden : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380622159793&tguid=66920-6787-1380622159793-9F51BB9A17C03F04E6D3DD523F3797C4&st=chrome&q=");
Zeile gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=17&barid={2B8CF2A0-35BF-461B-97DA-431C4EBDA71A}");
-\\ Google Chrome v
[ Datei : C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : urls_to_restore_on_startup
[ Datei : C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : search_url
Gefunden : keyword
*************************
AdwCleaner[R0].txt - [23614 octets] - [17/01/2014 17:22:50]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [23675 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Herbert on 17.01.2014 at 18:22:06,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3782615187-734511086-1096893380-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{94bd6970-1a83-41dc-9be5-bf50b3d0238f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{94bd6970-1a83-41dc-9be5-bf50b3d0238f}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Herbert\appdata\local\{592AE07B-D4D8-4892-980B-05206054D4FB}
Successfully deleted: [Empty Folder] C:\Users\Herbert\appdata\local\{7E826DD7-9A98-4B22-95A0-A433F50A6DE9}
Successfully deleted: [Empty Folder] C:\Users\Herbert\appdata\local\{D34A9D97-7E4D-4390-B1B0-C47CB62D2ED7}
Successfully deleted: [Empty Folder] C:\Users\Herbert\appdata\local\{ED31E83C-3AE2-4259-9279-A58D7B835666}
~~~ FireFox
Emptied folder: C:\Users\Herbert\AppData\Roaming\mozilla\firefox\profiles\jwfszd72.default\minidumps [14 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.01.2014 at 18:28:20,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 02
Ran by Herbert (administrator) on HERBERT on 17-01-2014 18:33:01
Running from C:\Users\Herbert\Desktop\x
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbarsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Telekom Austria\aonFlex\Guard.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Herbert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Thisisu) C:\Users\Herbert\Desktop\x\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [MyImageConverter EPM Support] - C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jmedint.exe [12872 2014-01-06] (Mindspark Interactive Network, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-25] (Google Inc.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Herbert Baumgartner\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Herbert Baumgartner\...\Run: [Google Update] - C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-25] (Google Inc.)
HKU\Herbert Baumgartner\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\Herbert Baumgartner\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKU\Herbert Baumgartner\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\Herbert Baumgartner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Herbert Baumgartner\...\Policies\system: [DisableChangePassword] 0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Herbert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Herbert Baumgartner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Herbert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9B137E3CC435CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
SearchScopes: HKLM - {4491333A-BE23-4018-931D-D8ADF1591333} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files (x86)\Browser Guard\browserguard.dll (Browser Guard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-15] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default
FF NewTab: about:home
FF Homepage: about:home
FF NetworkProxy: "ftp", ":"
FF NetworkProxy: "http", ":"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", ":"
FF NetworkProxy: "ssl", ":"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @MyImageConverter_8j.com/Plugin - C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\NP8jStub.dll (Mindspark)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Herbert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Herbert\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Herbert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Herbert\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Herbert\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Herbert\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Herbert\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Herbert\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MyImageConverter - C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\8jffxtbr@MyImageConverter_8j.com [2014-01-06]
FF Extension: ImTranslator - C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi
FF Extension: Browser Guard - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2013-08-27]
Chrome:
=======
CHR HomePage: hxxp://www.google.at/
CHR RestoreOnStartup: "hxxp://www.google.at/", "about:newtab?source=home"
CHR DefaultSearchProvider: SweetIM Search
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Herbert\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Herbert\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Herbert\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Simple Pass 2011) - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (HomeTab) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddpogknpjlgfpbboediomaiiaecfajn [2013-10-01]
CHR Extension: (YouTube) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-03]
CHR Extension: (Google-Suche) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-03]
CHR Extension: (Any.do Extension) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2012-12-17]
CHR Extension: (Browser Guard) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfepagcelbegkpkcjgfeecmlnmkedjin [2013-10-01]
CHR Extension: (Google Wallet) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Google Mail) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-03]
CHR HKLM-x32\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2012-11-03]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files (x86)\Browser Guard\browserguard.crx [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]
CHR StartMenuInternet: Google Chrome - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MyImageConverter_8jService; C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbarsvc.exe [88648 2014-01-06] (COMPANYVERS_NAME)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-01] (soft Xpansion)
R2 TAGuard; C:\Program Files (x86)\Telekom Austria\aonFlex\Guard.exe [1359200 2008-09-17] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-17 18:28 - 2014-01-17 18:28 - 00001879 _____ C:\Users\Herbert\Desktop\JRT.txt
2014-01-17 18:22 - 2014-01-17 18:22 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 17:22 - 2014-01-17 17:25 - 00000000 ____D C:\AdwCleaner
2014-01-17 16:52 - 2014-01-17 16:52 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Malwarebytes
2014-01-17 16:51 - 2014-01-17 16:51 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-17 16:51 - 2014-01-17 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-17 16:51 - 2014-01-17 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-17 16:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-16 11:59 - 2014-01-17 18:32 - 00000000 ____D C:\FRST
2014-01-16 11:57 - 2014-01-17 18:33 - 00000000 ____D C:\Users\Herbert\Desktop\x
2014-01-15 18:16 - 2014-01-15 18:16 - 00262144 _____ C:\Windows\Minidump\011514-25256-01.dmp
2014-01-15 18:05 - 2014-01-15 18:05 - 00262144 _____ C:\Windows\Minidump\011514-35615-01.dmp
2014-01-15 13:57 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 13:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 13:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 10:48 - 2014-01-15 10:48 - 00262144 _____ C:\Windows\Minidump\011514-60450-01.dmp
2014-01-15 09:54 - 2014-01-15 09:54 - 00262144 _____ C:\Windows\Minidump\011514-33977-01.dmp
2014-01-15 09:22 - 2014-01-15 09:22 - 00262144 _____ C:\Windows\Minidump\011514-20966-01.dmp
2014-01-12 17:13 - 2014-01-12 17:13 - 00262144 _____ C:\Windows\Minidump\011214-24757-01.dmp
2014-01-12 12:58 - 2014-01-12 12:59 - 00262144 _____ C:\Windows\Minidump\011214-19905-01.dmp
2014-01-09 08:20 - 2014-01-09 08:20 - 00002960 _____ C:\Windows\System32\Tasks\{6F34E554-BF79-4A99-A03C-53B5B124D104}
2014-01-06 19:34 - 2014-01-06 19:34 - 00262144 _____ C:\Windows\Minidump\010614-49358-01.dmp
2014-01-06 18:44 - 2014-01-06 18:44 - 00262144 _____ C:\Windows\Minidump\010614-20482-01.dmp
2014-01-06 18:03 - 2014-01-06 18:04 - 00000000 ____D C:\Users\Herbert\AppData\Local\MyImageConverter_8j
2014-01-06 18:03 - 2014-01-06 18:03 - 00000000 ____D C:\Program Files (x86)\MyImageConverter_8j
2014-01-06 18:01 - 2014-01-06 18:01 - 00066607 _____ C:\Users\Herbert\Downloads\PFYDL_04_1b.inx
2014-01-06 15:08 - 2014-01-06 15:09 - 00262144 _____ C:\Windows\Minidump\010614-21091-01.dmp
2014-01-05 16:50 - 2014-01-06 10:51 - 00035328 ____H C:\Users\Herbert\Desktop\~WRL1198.tmp
2014-01-05 16:50 - 2014-01-05 18:02 - 00032768 ____H C:\Users\Herbert\Desktop\~WRL0603.tmp
2014-01-05 16:50 - 2014-01-05 17:07 - 00030208 ____H C:\Users\Herbert\Desktop\~WRL3189.tmp
2014-01-05 16:50 - 2014-01-05 16:50 - 00029696 ____H C:\Users\Herbert\Desktop\~WRL2075.tmp
2014-01-02 17:30 - 2014-01-02 17:30 - 00262144 _____ C:\Windows\Minidump\010214-31215-01.dmp
2013-12-31 16:13 - 2013-12-31 16:13 - 00262144 _____ C:\Windows\Minidump\123113-19936-01.dmp
2013-12-30 22:47 - 2013-12-30 22:59 - 00003364 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:47 - 2013-12-30 22:59 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:47 - 2013-12-30 22:47 - 00003384 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-18 18:32 - 2013-12-18 18:32 - 00262144 _____ C:\Windows\Minidump\121813-21590-01.dmp
==================== One Month Modified Files and Folders =======
2014-01-17 18:33 - 2014-01-16 11:57 - 00000000 ____D C:\Users\Herbert\Desktop\x
2014-01-17 18:32 - 2014-01-16 11:59 - 00000000 ____D C:\FRST
2014-01-17 18:28 - 2014-01-17 18:28 - 00001879 _____ C:\Users\Herbert\Desktop\JRT.txt
2014-01-17 18:27 - 2012-11-03 11:29 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Skype
2014-01-17 18:22 - 2014-01-17 18:22 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 17:36 - 2012-12-03 09:18 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 17:34 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 17:34 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 17:27 - 2012-11-03 11:28 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Dropbox
2014-01-17 17:27 - 2012-08-09 13:00 - 00000000 ___RD C:\Users\Herbert Baumgartner\Dropbox
2014-01-17 17:26 - 2012-11-02 17:11 - 00031328 _____ C:\Windows\setupact.log
2014-01-17 17:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 17:25 - 2014-01-17 17:22 - 00000000 ____D C:\AdwCleaner
2014-01-17 17:25 - 2012-11-02 17:11 - 00161468 _____ C:\Windows\PFRO.log
2014-01-17 17:25 - 2011-09-23 00:44 - 01715915 _____ C:\Windows\WindowsUpdate.log
2014-01-17 17:24 - 2013-10-01 11:09 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
2014-01-17 17:24 - 2013-10-01 11:09 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2014-01-17 16:52 - 2014-01-17 16:52 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Malwarebytes
2014-01-17 16:51 - 2014-01-17 16:51 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-17 16:51 - 2014-01-17 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-17 16:51 - 2014-01-17 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-17 16:47 - 2012-11-06 18:35 - 00002365 _____ C:\Users\Herbert\Desktop\Google Chrome.lnk
2014-01-17 16:43 - 2012-11-03 14:20 - 00000000 ____D C:\Users\Herbert\AppData\Local\DoNotTrackPlus
2014-01-16 09:47 - 2012-11-03 11:29 - 00001022 _____ C:\Users\Herbert\Desktop\Dropbox.lnk
2014-01-16 09:47 - 2012-11-03 11:28 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 09:47 - 2012-11-03 11:22 - 00000000 ___RD C:\Users\Herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 18:29 - 2012-11-03 13:48 - 01527912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-15 18:29 - 2011-07-16 05:07 - 00657938 _____ C:\Windows\system32\perfh007.dat
2014-01-15 18:29 - 2011-07-16 05:07 - 00131296 _____ C:\Windows\system32\perfc007.dat
2014-01-15 18:16 - 2014-01-15 18:16 - 00262144 _____ C:\Windows\Minidump\011514-25256-01.dmp
2014-01-15 18:16 - 2013-11-19 20:49 - 668873485 _____ C:\Windows\MEMORY.DMP
2014-01-15 18:16 - 2013-02-28 22:12 - 00000000 ____D C:\Windows\Minidump
2014-01-15 18:05 - 2014-01-15 18:05 - 00262144 _____ C:\Windows\Minidump\011514-35615-01.dmp
2014-01-15 17:58 - 2009-07-14 05:45 - 00288936 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 17:04 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2014-01-15 17:03 - 2013-07-29 20:01 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 17:01 - 2012-02-24 22:50 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 10:56 - 2009-07-14 06:13 - 01507500 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 10:48 - 2014-01-15 10:48 - 00262144 _____ C:\Windows\Minidump\011514-60450-01.dmp
2014-01-15 09:54 - 2014-01-15 09:54 - 00262144 _____ C:\Windows\Minidump\011514-33977-01.dmp
2014-01-15 09:28 - 2012-11-03 12:09 - 00000000 ____D C:\Users\Herbert\Documents\Betrieb LW
2014-01-15 09:27 - 2012-02-26 19:56 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-15 09:22 - 2014-01-15 09:22 - 00262144 _____ C:\Windows\Minidump\011514-20966-01.dmp
2014-01-15 08:54 - 2012-11-03 12:10 - 00000000 ____D C:\Users\Herbert\Documents\Comic1
2014-01-12 17:13 - 2014-01-12 17:13 - 00262144 _____ C:\Windows\Minidump\011214-24757-01.dmp
2014-01-12 12:59 - 2014-01-12 12:58 - 00262144 _____ C:\Windows\Minidump\011214-19905-01.dmp
2014-01-09 08:41 - 2013-04-09 07:46 - 00000000 ____D C:\Program Files (x86)\WordToPDF
2014-01-09 08:20 - 2014-01-09 08:20 - 00002960 _____ C:\Windows\System32\Tasks\{6F34E554-BF79-4A99-A03C-53B5B124D104}
2014-01-07 21:39 - 2013-10-22 19:00 - 00001975 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-01-06 19:34 - 2014-01-06 19:34 - 00262144 _____ C:\Windows\Minidump\010614-49358-01.dmp
2014-01-06 18:44 - 2014-01-06 18:44 - 00262144 _____ C:\Windows\Minidump\010614-20482-01.dmp
2014-01-06 18:04 - 2014-01-06 18:03 - 00000000 ____D C:\Users\Herbert\AppData\Local\MyImageConverter_8j
2014-01-06 18:03 - 2014-01-06 18:03 - 00000000 ____D C:\Program Files (x86)\MyImageConverter_8j
2014-01-06 18:03 - 2012-11-03 11:25 - 00000000 ____D C:\Users\Herbert\AppData\Local\CrashDumps
2014-01-06 18:01 - 2014-01-06 18:01 - 00066607 _____ C:\Users\Herbert\Downloads\PFYDL_04_1b.inx
2014-01-06 15:09 - 2014-01-06 15:08 - 00262144 _____ C:\Windows\Minidump\010614-21091-01.dmp
2014-01-06 10:51 - 2014-01-05 16:50 - 00035328 ____H C:\Users\Herbert\Desktop\~WRL1198.tmp
2014-01-05 18:02 - 2014-01-05 16:50 - 00032768 ____H C:\Users\Herbert\Desktop\~WRL0603.tmp
2014-01-05 17:07 - 2014-01-05 16:50 - 00030208 ____H C:\Users\Herbert\Desktop\~WRL3189.tmp
2014-01-05 16:50 - 2014-01-05 16:50 - 00029696 ____H C:\Users\Herbert\Desktop\~WRL2075.tmp
2014-01-04 09:46 - 2012-11-03 12:28 - 00000000 ____D C:\Users\Herbert\Documents\Privat
2014-01-04 09:37 - 2012-09-07 11:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2014-01-02 17:30 - 2014-01-02 17:30 - 00262144 _____ C:\Windows\Minidump\010214-31215-01.dmp
2013-12-31 16:13 - 2013-12-31 16:13 - 00262144 _____ C:\Windows\Minidump\123113-19936-01.dmp
2013-12-31 08:43 - 2012-02-24 22:03 - 00000000 ____D C:\ProgramData\Skype
2013-12-31 08:42 - 2012-02-24 22:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-31 08:39 - 2012-04-28 18:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 22:59 - 2013-12-30 22:47 - 00003364 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:59 - 2013-12-30 22:47 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:59 - 2013-02-06 08:01 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:59 - 2013-02-06 08:01 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:47 - 2013-12-30 22:47 - 00003384 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 18:33 - 2013-12-10 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 10:34 - 2012-03-30 14:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 08:34 - 2012-03-30 14:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-20 08:34 - 2012-03-30 14:54 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-20 08:34 - 2011-07-15 19:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-20 08:08 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-19 19:16 - 2012-11-03 12:11 - 00000000 ____D C:\Users\Herbert\Documents\Herbalife
2013-12-19 15:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 18:32 - 2013-12-18 18:32 - 00262144 _____ C:\Windows\Minidump\121813-21590-01.dmp
2013-12-18 18:25 - 2013-05-06 12:25 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-18 18:25 - 2013-03-28 19:42 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 18:25 - 2013-03-28 19:42 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
Some content of TEMP:
====================
C:\Users\Herbert\AppData\Local\Temp\apptorun.exe
C:\Users\Herbert\AppData\Local\Temp\AskSLib.dll
C:\Users\Herbert\AppData\Local\Temp\avgnt.exe
C:\Users\Herbert\AppData\Local\Temp\Execute2App.exe
C:\Users\Herbert\AppData\Local\Temp\Installer.exe
C:\Users\Herbert\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Herbert\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Herbert\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Herbert\AppData\Local\Temp\msvcp90.dll
C:\Users\Herbert\AppData\Local\Temp\msvcr90.dll
C:\Users\Herbert\AppData\Local\Temp\Quarantine.exe
C:\Users\Herbert\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Herbert\AppData\Local\Temp\stubhelper.dll
C:\Users\Herbert\AppData\Local\Temp\uninst1.exe
C:\Users\Herbert Baumgartner\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-11-05 16:27
==================== End Of Log ============================
Danke |
|
18.01.2014, 08:10
| #6 |
| /// the machine /// TB-Ausbilder | HP Notebook überprüfenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> HP Notebook überprüfen |
|
18.01.2014, 21:39
| #7 |
| | HP Notebook überprüfen Danke für die Antwort. Hier die Ergebnisse: ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=37d049a0acb7594589d34cda53335fd3
# engine=16703
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-18 08:02:12
# local_time=2014-01-18 09:02:12 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 12568 255495022 5339 0
# compatibility_mode=5893 16776574 100 94 16553320 141705182 0 0
# scanned=270830
# found=2
# cleaned=0
# scan_time=8595
sh=9DF108A599C119FA6EE2AEDB9A1F14E66B2DBB8D ft=0 fh=0000000000000000 vn="Win32/Trustezeb.E trojan" ac=I fn="C:\Users\Herbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\OLKF095\13 08 2013 Herbert Baumgartner abgewiesene Rechnung (2).zip"
sh=9DF108A599C119FA6EE2AEDB9A1F14E66B2DBB8D ft=0 fh=0000000000000000 vn="Win32/Trustezeb.E trojan" ac=I fn="C:\Users\Herbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\OLKF095\13 08 2013 Herbert Baumgartner abgewiesene Rechnung.zip"
Code:
ATTFilter Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 37 Java 7 Update 45 Java version out of Date! Adobe Flash Player 11.9.900.170 Adobe Reader 10.1.9 Adobe Reader out of Date! Mozilla Firefox 22.0 Firefox out of Date! Google Chrome 31.0.1650.63 Google Chrome 32.0.1700.76 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03
Ran by Herbert (administrator) on HERBERT on 18-01-2014 21:29:29
Running from C:\Users\Herbert\Desktop\x
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbarsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Telekom Austria\aonFlex\Guard.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Herbert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\Herbert\Desktop\x\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [MyImageConverter EPM Support] - C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jmedint.exe [12872 2014-01-06] (Mindspark Interactive Network, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\Herbert\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-25] (Google Inc.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Herbert Baumgartner\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Herbert Baumgartner\...\Run: [Google Update] - C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-25] (Google Inc.)
HKU\Herbert Baumgartner\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\Herbert Baumgartner\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKU\Herbert Baumgartner\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\Herbert Baumgartner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Herbert Baumgartner\...\Policies\system: [DisableChangePassword] 0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Herbert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Herbert Baumgartner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Herbert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9B137E3CC435CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
SearchScopes: HKLM - {4491333A-BE23-4018-931D-D8ADF1591333} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files (x86)\Browser Guard\browserguard.dll (Browser Guard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-15] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.138
FireFox:
========
FF ProfilePath: C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default
FF NewTab: about:home
FF Homepage: about:home
FF NetworkProxy: "ftp", ":"
FF NetworkProxy: "http", ":"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", ":"
FF NetworkProxy: "ssl", ":"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @MyImageConverter_8j.com/Plugin - C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\NP8jStub.dll (Mindspark)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Herbert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Herbert\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Herbert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Herbert\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Herbert\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Herbert\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Herbert\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Herbert\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MyImageConverter - C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\8jffxtbr@MyImageConverter_8j.com [2014-01-06]
FF Extension: ImTranslator - C:\Users\Herbert\AppData\Roaming\Mozilla\Firefox\Profiles\jwfszd72.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi
FF Extension: Browser Guard - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2013-08-27]
Chrome:
=======
CHR HomePage: hxxp://www.google.at/
CHR RestoreOnStartup: "hxxp://www.google.at/", "about:newtab?source=home"
CHR DefaultSearchProvider: SweetIM Search
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Herbert\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Herbert\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Herbert\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Simple Pass 2011) - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Herbert Baumgartner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (HomeTab) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddpogknpjlgfpbboediomaiiaecfajn [2013-10-01]
CHR Extension: (YouTube) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-03]
CHR Extension: (Google-Suche) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-03]
CHR Extension: (Any.do Extension) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2012-12-17]
CHR Extension: (Browser Guard) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfepagcelbegkpkcjgfeecmlnmkedjin [2013-10-01]
CHR Extension: (Google Wallet) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Google Mail) - C:\Users\Herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-03]
CHR HKLM-x32\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2012-11-03]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files (x86)\Browser Guard\browserguard.crx [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]
CHR StartMenuInternet: Google Chrome - C:\Users\Herbert Baumgartner\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MyImageConverter_8jService; C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbarsvc.exe [88648 2014-01-06] (COMPANYVERS_NAME)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-01] (soft Xpansion)
R2 TAGuard; C:\Program Files (x86)\Telekom Austria\aonFlex\Guard.exe [1359200 2008-09-17] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-17 18:28 - 2014-01-17 18:28 - 00001879 _____ C:\Users\Herbert\Desktop\JRT.txt
2014-01-17 18:22 - 2014-01-17 18:22 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 17:22 - 2014-01-17 17:25 - 00000000 ____D C:\AdwCleaner
2014-01-17 16:52 - 2014-01-17 16:52 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Malwarebytes
2014-01-17 16:51 - 2014-01-17 16:51 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-17 16:51 - 2014-01-17 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-17 16:51 - 2014-01-17 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-17 16:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-16 11:59 - 2014-01-18 21:29 - 00000000 ____D C:\FRST
2014-01-16 11:57 - 2014-01-18 21:29 - 00000000 ____D C:\Users\Herbert\Desktop\x
2014-01-15 18:16 - 2014-01-15 18:16 - 00262144 _____ C:\Windows\Minidump\011514-25256-01.dmp
2014-01-15 18:05 - 2014-01-15 18:05 - 00262144 _____ C:\Windows\Minidump\011514-35615-01.dmp
2014-01-15 13:57 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 13:57 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 13:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 13:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 10:48 - 2014-01-15 10:48 - 00262144 _____ C:\Windows\Minidump\011514-60450-01.dmp
2014-01-15 09:54 - 2014-01-15 09:54 - 00262144 _____ C:\Windows\Minidump\011514-33977-01.dmp
2014-01-15 09:22 - 2014-01-15 09:22 - 00262144 _____ C:\Windows\Minidump\011514-20966-01.dmp
2014-01-12 17:13 - 2014-01-12 17:13 - 00262144 _____ C:\Windows\Minidump\011214-24757-01.dmp
2014-01-12 12:58 - 2014-01-12 12:59 - 00262144 _____ C:\Windows\Minidump\011214-19905-01.dmp
2014-01-09 08:20 - 2014-01-09 08:20 - 00002960 _____ C:\Windows\System32\Tasks\{6F34E554-BF79-4A99-A03C-53B5B124D104}
2014-01-06 19:34 - 2014-01-06 19:34 - 00262144 _____ C:\Windows\Minidump\010614-49358-01.dmp
2014-01-06 18:44 - 2014-01-06 18:44 - 00262144 _____ C:\Windows\Minidump\010614-20482-01.dmp
2014-01-06 18:03 - 2014-01-06 18:04 - 00000000 ____D C:\Users\Herbert\AppData\Local\MyImageConverter_8j
2014-01-06 18:03 - 2014-01-06 18:03 - 00000000 ____D C:\Program Files (x86)\MyImageConverter_8j
2014-01-06 18:01 - 2014-01-06 18:01 - 00066607 _____ C:\Users\Herbert\Downloads\PFYDL_04_1b.inx
2014-01-06 15:08 - 2014-01-06 15:09 - 00262144 _____ C:\Windows\Minidump\010614-21091-01.dmp
2014-01-05 16:50 - 2014-01-06 10:51 - 00035328 ____H C:\Users\Herbert\Desktop\~WRL1198.tmp
2014-01-05 16:50 - 2014-01-05 18:02 - 00032768 ____H C:\Users\Herbert\Desktop\~WRL0603.tmp
2014-01-05 16:50 - 2014-01-05 17:07 - 00030208 ____H C:\Users\Herbert\Desktop\~WRL3189.tmp
2014-01-05 16:50 - 2014-01-05 16:50 - 00029696 ____H C:\Users\Herbert\Desktop\~WRL2075.tmp
2014-01-02 17:30 - 2014-01-02 17:30 - 00262144 _____ C:\Windows\Minidump\010214-31215-01.dmp
2013-12-31 16:13 - 2013-12-31 16:13 - 00262144 _____ C:\Windows\Minidump\123113-19936-01.dmp
2013-12-30 22:47 - 2013-12-30 22:59 - 00003364 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:47 - 2013-12-30 22:59 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:47 - 2013-12-30 22:47 - 00003384 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
==================== One Month Modified Files and Folders =======
2014-01-18 21:29 - 2014-01-16 11:59 - 00000000 ____D C:\FRST
2014-01-18 21:29 - 2014-01-16 11:57 - 00000000 ____D C:\Users\Herbert\Desktop\x
2014-01-18 21:28 - 2012-11-03 11:29 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Skype
2014-01-18 21:21 - 2011-09-23 00:44 - 01740918 _____ C:\Windows\WindowsUpdate.log
2014-01-18 20:36 - 2012-12-03 09:18 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-18 18:36 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 18:36 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 18:28 - 2012-11-03 11:28 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Dropbox
2014-01-18 18:28 - 2012-08-09 13:00 - 00000000 ___RD C:\Users\Herbert Baumgartner\Dropbox
2014-01-18 18:27 - 2012-11-02 17:11 - 00031384 _____ C:\Windows\setupact.log
2014-01-18 18:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 18:28 - 2014-01-17 18:28 - 00001879 _____ C:\Users\Herbert\Desktop\JRT.txt
2014-01-17 18:22 - 2014-01-17 18:22 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 17:25 - 2014-01-17 17:22 - 00000000 ____D C:\AdwCleaner
2014-01-17 17:25 - 2012-11-02 17:11 - 00161468 _____ C:\Windows\PFRO.log
2014-01-17 17:24 - 2013-10-01 11:09 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
2014-01-17 17:24 - 2013-10-01 11:09 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2014-01-17 16:52 - 2014-01-17 16:52 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Malwarebytes
2014-01-17 16:51 - 2014-01-17 16:51 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-17 16:51 - 2014-01-17 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-17 16:51 - 2014-01-17 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-17 16:47 - 2012-11-06 18:35 - 00002365 _____ C:\Users\Herbert\Desktop\Google Chrome.lnk
2014-01-17 16:43 - 2012-11-03 14:20 - 00000000 ____D C:\Users\Herbert\AppData\Local\DoNotTrackPlus
2014-01-16 09:47 - 2012-11-03 11:29 - 00001022 _____ C:\Users\Herbert\Desktop\Dropbox.lnk
2014-01-16 09:47 - 2012-11-03 11:28 - 00000000 ____D C:\Users\Herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 09:47 - 2012-11-03 11:22 - 00000000 ___RD C:\Users\Herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 18:29 - 2012-11-03 13:48 - 01527912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-15 18:29 - 2011-07-16 05:07 - 00657938 _____ C:\Windows\system32\perfh007.dat
2014-01-15 18:29 - 2011-07-16 05:07 - 00131296 _____ C:\Windows\system32\perfc007.dat
2014-01-15 18:16 - 2014-01-15 18:16 - 00262144 _____ C:\Windows\Minidump\011514-25256-01.dmp
2014-01-15 18:16 - 2013-11-19 20:49 - 668873485 _____ C:\Windows\MEMORY.DMP
2014-01-15 18:16 - 2013-02-28 22:12 - 00000000 ____D C:\Windows\Minidump
2014-01-15 18:05 - 2014-01-15 18:05 - 00262144 _____ C:\Windows\Minidump\011514-35615-01.dmp
2014-01-15 17:58 - 2009-07-14 05:45 - 00288936 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 17:04 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2014-01-15 17:03 - 2013-07-29 20:01 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 17:01 - 2012-02-24 22:50 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 10:56 - 2009-07-14 06:13 - 01507500 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 10:48 - 2014-01-15 10:48 - 00262144 _____ C:\Windows\Minidump\011514-60450-01.dmp
2014-01-15 09:54 - 2014-01-15 09:54 - 00262144 _____ C:\Windows\Minidump\011514-33977-01.dmp
2014-01-15 09:28 - 2012-11-03 12:09 - 00000000 ____D C:\Users\Herbert\Documents\Betrieb LW
2014-01-15 09:27 - 2012-02-26 19:56 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-15 09:22 - 2014-01-15 09:22 - 00262144 _____ C:\Windows\Minidump\011514-20966-01.dmp
2014-01-15 08:54 - 2012-11-03 12:10 - 00000000 ____D C:\Users\Herbert\Documents\Comic1
2014-01-12 17:13 - 2014-01-12 17:13 - 00262144 _____ C:\Windows\Minidump\011214-24757-01.dmp
2014-01-12 12:59 - 2014-01-12 12:58 - 00262144 _____ C:\Windows\Minidump\011214-19905-01.dmp
2014-01-09 08:41 - 2013-04-09 07:46 - 00000000 ____D C:\Program Files (x86)\WordToPDF
2014-01-09 08:20 - 2014-01-09 08:20 - 00002960 _____ C:\Windows\System32\Tasks\{6F34E554-BF79-4A99-A03C-53B5B124D104}
2014-01-07 21:39 - 2013-10-22 19:00 - 00001975 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-01-06 19:34 - 2014-01-06 19:34 - 00262144 _____ C:\Windows\Minidump\010614-49358-01.dmp
2014-01-06 18:44 - 2014-01-06 18:44 - 00262144 _____ C:\Windows\Minidump\010614-20482-01.dmp
2014-01-06 18:04 - 2014-01-06 18:03 - 00000000 ____D C:\Users\Herbert\AppData\Local\MyImageConverter_8j
2014-01-06 18:03 - 2014-01-06 18:03 - 00000000 ____D C:\Program Files (x86)\MyImageConverter_8j
2014-01-06 18:03 - 2012-11-03 11:25 - 00000000 ____D C:\Users\Herbert\AppData\Local\CrashDumps
2014-01-06 18:01 - 2014-01-06 18:01 - 00066607 _____ C:\Users\Herbert\Downloads\PFYDL_04_1b.inx
2014-01-06 15:09 - 2014-01-06 15:08 - 00262144 _____ C:\Windows\Minidump\010614-21091-01.dmp
2014-01-06 10:51 - 2014-01-05 16:50 - 00035328 ____H C:\Users\Herbert\Desktop\~WRL1198.tmp
2014-01-05 18:02 - 2014-01-05 16:50 - 00032768 ____H C:\Users\Herbert\Desktop\~WRL0603.tmp
2014-01-05 17:07 - 2014-01-05 16:50 - 00030208 ____H C:\Users\Herbert\Desktop\~WRL3189.tmp
2014-01-05 16:50 - 2014-01-05 16:50 - 00029696 ____H C:\Users\Herbert\Desktop\~WRL2075.tmp
2014-01-04 09:46 - 2012-11-03 12:28 - 00000000 ____D C:\Users\Herbert\Documents\Privat
2014-01-04 09:37 - 2012-09-07 11:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2014-01-02 17:30 - 2014-01-02 17:30 - 00262144 _____ C:\Windows\Minidump\010214-31215-01.dmp
2013-12-31 16:13 - 2013-12-31 16:13 - 00262144 _____ C:\Windows\Minidump\123113-19936-01.dmp
2013-12-31 08:43 - 2012-02-24 22:03 - 00000000 ____D C:\ProgramData\Skype
2013-12-31 08:42 - 2012-02-24 22:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-31 08:39 - 2012-04-28 18:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 22:59 - 2013-12-30 22:47 - 00003364 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:59 - 2013-12-30 22:47 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:59 - 2013-02-06 08:01 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:59 - 2013-02-06 08:01 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 22:47 - 2013-12-30 22:47 - 00003384 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3782615187-734511086-1096893380-1003
2013-12-30 18:33 - 2013-12-10 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 10:34 - 2012-03-30 14:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 08:34 - 2012-03-30 14:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-20 08:34 - 2012-03-30 14:54 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-20 08:34 - 2011-07-15 19:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-20 08:08 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-19 19:16 - 2012-11-03 12:11 - 00000000 ____D C:\Users\Herbert\Documents\Herbalife
2013-12-19 15:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
Some content of TEMP:
====================
C:\Users\Herbert\AppData\Local\Temp\apptorun.exe
C:\Users\Herbert\AppData\Local\Temp\AskSLib.dll
C:\Users\Herbert\AppData\Local\Temp\avgnt.exe
C:\Users\Herbert\AppData\Local\Temp\Execute2App.exe
C:\Users\Herbert\AppData\Local\Temp\Installer.exe
C:\Users\Herbert\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Herbert\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Herbert\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Herbert\AppData\Local\Temp\msvcp90.dll
C:\Users\Herbert\AppData\Local\Temp\msvcr90.dll
C:\Users\Herbert\AppData\Local\Temp\Quarantine.exe
C:\Users\Herbert\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Herbert\AppData\Local\Temp\stubhelper.dll
C:\Users\Herbert\AppData\Local\Temp\uninst1.exe
C:\Users\Herbert Baumgartner\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-11-05 16:27
==================== End Of Log ============================
Zu den Problemen, muss ich sagen, dass der Laptop schon um einiges besser läuft. In einem Suchfeld bekomme ich auch nicht mehr diese Werbeanzeige. Aber ich habe noch immer das Problem, dass ich bei einer Webseite statt den Bildern ein schwarzes x bekomme. Dies kann aber evtl. auch an der Seite liegen. Die Seite lautet kinderschatz.at. Danke |
|
19.01.2014, 10:50
| #8 |
| /// the machine /// TB-Ausbilder | HP Notebook überprüfen Java, Adobe und Firefox updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. In welchem Browser ist das mit der Seite?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.01.2014, 14:07
| #9 |
| | HP Notebook überprüfen Danke für die Antwort. Hier noch das Ergebnis von TFC Code:
ATTFilter Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 74231 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Herbert
->Temp folder emptied: 846874877 bytes
->Temporary Internet Files folder emptied: 2018458915 bytes
->Java cache emptied: 4322935 bytes
->FireFox cache emptied: 234017391 bytes
->Google Chrome cache emptied: 181834351 bytes
->Flash cache emptied: 26851 bytes
User: Herbert Baumgartner
->Temp folder emptied: 159120638 bytes
->Temporary Internet Files folder emptied: 11921690 bytes
->Java cache emptied: 552377 bytes
->FireFox cache emptied: 71379701 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 923 bytes
User: Public
User: TEMP
->Temp folder emptied: 37890 bytes
->Temporary Internet Files folder emptied: 4219482 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 519709992 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 27417421 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43293766 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 0 bytes
Process complete!
Total Files Cleaned = 3.932,00 mb
Danke |
|
20.01.2014, 12:11
| #10 |
| /// the machine /// TB-Ausbilder | HP Notebook überprüfen Sind das Flash Bilder? IE11 hat einen integrierten Flash Player, setz den IE 11 mal komplett zurück.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.01.2014, 23:03
| #11 |
| | HP Notebook überprüfen Danke für die Antwort. Es sind keine Flash Bilder, sondern normale jpg Bilder. Aber als ich nun den ie neu gestartet habe werden nun wieder alle Bilder normal angezeigt. Ist der Laptop sonst schon o.k. Von meinem Gefühl her, kann ich nichts entdecken und läuft recht stabil und bei Antivir wird nun wieder alles o.k. angezeigt. Bitte noch um Info, wie ich am besten und schnellsten alle installierten Programme für den Check deinstallieren kann. Danke nochmals Geändert von haiflosse (20.01.2014 um 23:10 Uhr) |
|
21.01.2014, 12:48
| #12 |
| /// the machine /// TB-Ausbilder | HP Notebook überprüfen Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
