Log Analysis and Evaluation: Windows 7: Remove redirect to awesomehp?
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First Steps to Getting Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.02.2014, 22:47 | #1 |
Windows 7: Remove redirect to awesomehp?

Hello, unfortunately I keep getting redirected to the awesomehp site and its millions of pop-ups. I have already tried to counter this with Spybot, unfortunately without success. Can you help me? I have attached the logs from FRST, Gmer and Spybot. Many thanks!!

chrismunich

Sorry for the attachments, here are the logs again as code.

FRST:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by s at 2014-02-02 18:17:31
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Immunet 3.0 (Enabled - Up to date) {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU Version: 2.1.0.381 - Amazon Services LLC)
Apple Application Support (x32 Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed IV Black Flag (x32 Version: - Ubisoft) BatteryLifeExtender (x32 Version: 1.0.11 - Samsung) Bing Bar (x32 Version: 7.0.610.0 - Microsoft Corporation) Bonjour (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (Version: 5.60.48.55 - Broadcom Corporation) ChargeableUSB (x32 Version: 1.0.0.0 - SAMSUNG) Citrix Online Plug-in - Web (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Citrix Online Plug-in (DV) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (HDX) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (USB) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (Web) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (x32 Version: 10.0.2310.52 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.2310.52 - CyberLink Corp.) Hidden CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) doubleTwist (x32 Version: 3.2.2.17028 - doubleTwist Corporation) Easy Content Share (x32 Version: 1.0 - Samsung Electronics Co., LTD) Easy Display Manager (x32 Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Migration (x32 Version: 1.0.0.5 - Samsung Electronics Co., Ltd.) 
Easy Network Manager (x32 Version: 4.4.7 - Samsung) Easy SpeedUp Manager (x32 Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (x32 Version: 4.0.0.4 - Samsung) EasyFileShare (x32 Version: 1.0.11 - Samsung) ETDWare PS/2-X64 8.0.7.1_WHQL (Version: 8.0.7.1 - ELAN Microelectronic Corp.) Fast Start (x32 Version: 2.2.0.0 - SAMSUNG) ffdshow [rev 2527] [2008-12-19] (x32 Version: 1.0 - ) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreePDF (Remove only) (x32 Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Google+ Auto Backup (x32 Version: 1.0.21.81 - Google) GPL Ghostscript (Version: 9.04 - Artifex Software Inc.) Immunet 3.0 (x32 Version: 3.0.12.9412 - Sourcefire, Inc.) Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 8.15.10.2253 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 10.0.0.1046 - Intel Corporation) InterActual Player (x32 Version: - ) iTunes (Version: 10.5.1.42 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Karteikasten .Net 2.4.0 (Version: 2.4.0.0 - Flo & Seb Engineering) McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) Mein CEWE FOTOBUCH (x32 Version: 5.1.3 - CEWE Stiftung u Co. 
KGaA) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI 
(German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Movie Color Enhancer (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) 
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Multimedia POP (x32 Version: 1.1 - ) Norton Internet Security (x32 Version: 18.7.2.3 - Symantec Corporation) Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation) NVIDIA Display Control Panel (Version: 6.14.12.6672 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 266.72 (Version: 266.72 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.0.15 (Version: 1.0.15 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 1.0.15 - NVIDIA Corporation) Hidden PhoneShare (x32 Version: 9.1.4 - Samsung) Picasa 3 (x32 Version: 3.9 - Google, Inc.) Pixum Fotobuch (x32 Version: - ) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (x32 Version: 7.33.1125.2010 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6246 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (Version: - ) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden Samsung AnyWeb Print (x32 Version: 2.0.67.1 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (x32 Version: - Samsung Electronics Co., Ltd.) 
Samsung Recovery Solution 5 (x32 Version: 5.0.0.9 - Samsung) Samsung Support Center 1.0 (x32 Version: 1.1.38 - Samsung) Samsung Universal Print Driver (x32 Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.) Samsung Universal Scan Driver (x32 Version: 1.2.5.0 - Samsung Electronics Co., Ltd.) Samsung Update Plus (x32 Version: 3.0.0.17 - Samsung Electronics Co., Ltd.) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Software Version Updater (x32 Version: 1.1.3.8 - ) <==== ATTENTION Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated) Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.) SRS Premium Sound Control Panel (Version: 1.10.0301 - SRS Labs, Inc.) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.0.82.0 - Intel) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) 
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Uplay (x32 Version: 4.0 - Ubisoft) User Guide (x32 Version: 1.0 - ) VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN) VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden WIDCOMM Bluetooth Software (Version: 6.3.0.7000 - Broadcom Corporation) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live fotoattēlu galerija (x32 
Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 
15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WordCaptureX Pro (x32 Version: 4.0.0 - Deskperience) WPM17.8.0.3325 (x32 Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION Zattoo4 4.0.5 (x32 Version: 4.0.5 - Zattoo Inc.) 
Zip Opener Packages (HKCU Version: - ) <==== ATTENTION Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 19-01-2014 18:34:20 Windows-Sicherung 19-01-2014 21:40:36 Windows Update 20-01-2014 16:42:16 Windows Update 26-01-2014 18:00:03 Windows-Sicherung 27-01-2014 23:50:36 Installed SpyHunter 01-02-2014 13:28:41 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2014-01-31 12:15 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {02419BB0-D5C3-4C58-8735-1B54C71F30E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {099A72D4-2BFE-4B4A-88F1-1E1A9A01FD63} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink) Task: {13A2272C-FA14-4317-A675-30730666BBA4} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics) Task: {1CBD2CCF-19EA-4676-95FE-DE498D961E82} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC) Task: 
{1D27F501-C39A-418F-93F2-F2F7CB49E27E} - System32\Tasks\Digital Sites => C:\Users\s\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {32E7B713-FA0C-4E3B-BA36-9E8ADB49FDD6} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe Task: {39F9B9D5-F5F6-4521-8FF8-DD48A19F8602} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {3D150D3A-C872-400D-A153-270F8F468A07} - System32\Tasks\bench-Updater removing Task: {3F0ED486-A406-4841-AF35-E2D00BE32098} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-15] (SRS Labs, Inc.) Task: {4C1C07EB-793B-4C5F-9648-6061F38F6F59} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.) Task: {5325CC7C-ADB4-41F1-9A43-928BCA83994B} - System32\Tasks\{32F06940-612D-4938-A018-8477BD58ED6F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar Task: {55C63C52-745F-46BA-889D-9B819A0E8F71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.) Task: {5EDACCCB-5AFB-4276-B421-E44842621793} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-12-06] (Samsung Electronics Co., Ltd.) Task: {5FB28707-165E-4177-ADF6-98277374AE36} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-06] (Samsung Electronics Co., Ltd.) 
Task: {60FA4745-C759-4BD5-95FA-A3F055F95116} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {8B1460AE-5FE7-4D27-A9AE-CF8BFB0F6217} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.) Task: {99E42421-47DA-4C1F-A6CC-8129C4E9AA77} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {9D4F3D57-7793-4923-A6AE-F0412F217AAD} - System32\Tasks\AmiUpdXp => C:\Users\s\AppData\Local\SwvUpdater\Updater.exe [2014-01-28] () <==== ATTENTION Task: {AF959CBC-3D65-404C-BA99-BC5FE9F9BA9E} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-14] (Samsung Electronics) Task: {B3EFF43D-77FC-4126-B1E6-5B17490EDEC4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-28] (Adobe Systems Incorporated) Task: {B7F8E5E6-D910-4351-AC15-878B6B17BFD3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {BA2F7E6E-5099-448C-B92B-B07BD34D4811} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.) Task: {BA5B5450-52DD-4E0B-9B49-CE0E2D8E9163} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.) 
Task: {DDEDCD8E-AA01-4FF8-BC7C-51F739840963} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {E01243FB-B00D-4CAC-B1B4-E935DF1A4CF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {EA232AE4-F89A-4550-9C47-B36DA93E5792} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics) Task: {EF3E1463-6B8F-4E9A-9C5A-0732FED3BF0B} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\s\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION Task: C:\windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION Task: C:\windows\Tasks\bench-Updater removing.job => ? 
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\s\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-09 16:59 - 2013-09-09 16:59 - 00465664 _____ () C:\Program Files\Immunet\3.0.12\dhr.dll 2013-09-09 16:59 - 2013-09-09 16:59 - 01501696 _____ () C:\Program Files\Immunet\3.0.12\LIBEAY32.dll 2013-09-09 16:59 - 2013-09-09 16:59 - 00331776 _____ () C:\Program Files\Immunet\3.0.12\SSLEAY32.dll 2011-04-09 01:25 - 2010-11-29 05:34 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-01 11:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-02-01 11:30 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-02-01 11:30 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-02-01 11:30 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-02-01 11:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2011-04-08 11:26 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2011-04-08 10:45 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll 2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program 
Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2011-04-08 10:36 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/02/2014 06:11:31 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x66c Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (02/02/2014 06:11:21 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/02/2014 03:36:57 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x734 Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (02/02/2014 03:36:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: 
m->NextScheduledSPRetry 54372822 Error: (02/02/2014 03:36:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 54372822 Error: (02/02/2014 03:36:38 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/01/2014 10:18:00 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x1abc Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (02/01/2014 06:18:00 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x1be0 Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (02/01/2014 06:01:10 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc015000f Fehleroffset: 0x000000000006f7ba ID des fehlerhaften Prozesses: 0xde8 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (02/01/2014 06:01:02 PM) (Source: Application Error) (User: ) 
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1ddfa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005055a ID des fehlerhaften Prozesses: 0xde8 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 System errors: ============= Error: (02/02/2014 06:11:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/02/2014 06:08:07 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet: %%1115 Error: (02/02/2014 03:37:18 PM) (Source: DCOM) (User: ) Description: {C37BFDB8-9D49-4DCB-8D83-6C34A5FBA8ED} Error: (02/02/2014 03:36:42 PM) (Source: DCOM) (User: ) Description: {51FA2736-5DEE-11D4-98E8-006008BF430C} Error: (02/01/2014 05:56:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2014 03:10:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2014 02:24:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2014 00:16:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2014 00:14:06 PM) (Source: DCOM) (User: ) Description: {51FA2736-5DEE-11D4-98E8-006008BF430C} Error: (02/01/2014 09:12:24 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers 
nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (02/02/2014 06:11:31 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de66c01cf2039c5ae2b9eC:\windows\system32\taskeng.exeC:\windows\system32\msvcrt.dll0f0189c7-8c2d-11e3-90c3-e0ca944280ff Error: (02/02/2014 06:11:21 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/02/2014 03:36:57 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de73401cf20243388867dC:\windows\system32\taskeng.exeC:\windows\system32\msvcrt.dll7756ce05-8c17-11e3-a09f-e0ca944280ff Error: (02/02/2014 03:36:42 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 54372822 Error: (02/02/2014 03:36:42 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 54372822 Error: (02/02/2014 03:36:38 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/01/2014 10:18:00 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de1abc01cf1f72347d2110C:\windows\system32\taskeng.exeC:\windows\system32\msvcrt.dll536b8019-8b86-11e3-a09f-e0ca944280ff Error: (02/01/2014 06:18:00 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de1be001cf1f6f6930cab3C:\windows\system32\taskeng.exeC:\windows\system32\msvcrt.dllcc7f785d-8b64-11e3-a09f-e0ca944280ff Error: (02/01/2014 06:01:10 PM) (Source: Application Error)(User: ) Description: 
Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c015000f000000000006f7bade801cf1f6eb6c749a8C:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dll72789811-8b62-11e3-a09f-e0ca944280ff

Error: (02/01/2014 06:01:02 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1822251f1ddfac0000005000000000005055ade801cf1f6eb6c749a8C:\windows\Explorer.EXEC:\windows\system32\SHELL32.dll6d8ef677-8b62-11e3-a09f-e0ca944280ff

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 6055.12 MB
Available physical RAM: 3935.46 MB
Total Pagefile: 12108.41 MB
Available Pagefile: 9918.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:271 GB) (Free:84.09 GB) NTFS
Drive d: () (Fixed) (Total:404.88 GB) (Free:404.17 GB) NTFS
Drive f: (++++) (Removable) (Total:14.59 GB) (Free:14.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: AD8CB770)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=271 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=405 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)

==================== End Of Log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by s at 2014-02-02 18:17:31
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Immunet 3.0 (Enabled - Up to date) {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU Version: 2.1.0.381 - Amazon Services LLC)
Apple Application Support (x32 Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed IV Black Flag (x32 Version: - Ubisoft) BatteryLifeExtender (x32 Version: 1.0.11 - Samsung) Bing Bar (x32 Version: 7.0.610.0 - Microsoft Corporation) Bonjour (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (Version: 5.60.48.55 - Broadcom Corporation) ChargeableUSB (x32 Version: 1.0.0.0 - SAMSUNG) Citrix Online Plug-in - Web (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Citrix Online Plug-in (DV) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (HDX) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (USB) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (Web) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (x32 Version: 10.0.2310.52 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.2310.52 - CyberLink Corp.) Hidden CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) doubleTwist (x32 Version: 3.2.2.17028 - doubleTwist Corporation) Easy Content Share (x32 Version: 1.0 - Samsung Electronics Co., LTD) Easy Display Manager (x32 Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Migration (x32 Version: 1.0.0.5 - Samsung Electronics Co., Ltd.) 
Easy Network Manager (x32 Version: 4.4.7 - Samsung) Easy SpeedUp Manager (x32 Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (x32 Version: 4.0.0.4 - Samsung) EasyFileShare (x32 Version: 1.0.11 - Samsung) ETDWare PS/2-X64 8.0.7.1_WHQL (Version: 8.0.7.1 - ELAN Microelectronic Corp.) Fast Start (x32 Version: 2.2.0.0 - SAMSUNG) ffdshow [rev 2527] [2008-12-19] (x32 Version: 1.0 - ) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreePDF (Remove only) (x32 Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Google+ Auto Backup (x32 Version: 1.0.21.81 - Google) GPL Ghostscript (Version: 9.04 - Artifex Software Inc.) Immunet 3.0 (x32 Version: 3.0.12.9412 - Sourcefire, Inc.) Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 8.15.10.2253 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 10.0.0.1046 - Intel Corporation) InterActual Player (x32 Version: - ) iTunes (Version: 10.5.1.42 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Karteikasten .Net 2.4.0 (Version: 2.4.0.0 - Flo & Seb Engineering) McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) Mein CEWE FOTOBUCH (x32 Version: 5.1.3 - CEWE Stiftung u Co. 
KGaA) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI 
(German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Movie Color Enhancer (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) 
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Multimedia POP (x32 Version: 1.1 - ) Norton Internet Security (x32 Version: 18.7.2.3 - Symantec Corporation) Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation) NVIDIA Display Control Panel (Version: 6.14.12.6672 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 266.72 (Version: 266.72 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.0.15 (Version: 1.0.15 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 1.0.15 - NVIDIA Corporation) Hidden PhoneShare (x32 Version: 9.1.4 - Samsung) Picasa 3 (x32 Version: 3.9 - Google, Inc.) Pixum Fotobuch (x32 Version: - ) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (x32 Version: 7.33.1125.2010 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6246 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (Version: - ) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden Samsung AnyWeb Print (x32 Version: 2.0.67.1 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (x32 Version: - Samsung Electronics Co., Ltd.) 
Samsung Recovery Solution 5 (x32 Version: 5.0.0.9 - Samsung) Samsung Support Center 1.0 (x32 Version: 1.1.38 - Samsung) Samsung Universal Print Driver (x32 Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.) Samsung Universal Scan Driver (x32 Version: 1.2.5.0 - Samsung Electronics Co., Ltd.) Samsung Update Plus (x32 Version: 3.0.0.17 - Samsung Electronics Co., Ltd.) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Software Version Updater (x32 Version: 1.1.3.8 - ) <==== ATTENTION Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated) Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.) SRS Premium Sound Control Panel (Version: 1.10.0301 - SRS Labs, Inc.) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.0.82.0 - Intel) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) 
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Uplay (x32 Version: 4.0 - Ubisoft) User Guide (x32 Version: 1.0 - ) VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN) VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden WIDCOMM Bluetooth Software (Version: 6.3.0.7000 - Broadcom Corporation) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live fotoattēlu galerija (x32 
Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 
15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WordCaptureX Pro (x32 Version: 4.0.0 - Deskperience) WPM17.8.0.3325 (x32 Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION Zattoo4 4.0.5 (x32 Version: 4.0.5 - Zattoo Inc.) 
Zip Opener Packages (HKCU Version: - ) <==== ATTENTION
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

19-01-2014 18:34:20 Windows-Sicherung
19-01-2014 21:40:36 Windows Update
20-01-2014 16:42:16 Windows Update
26-01-2014 18:00:03 Windows-Sicherung
27-01-2014 23:50:36 Installed SpyHunter
01-02-2014 13:28:41 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-01-31 12:15 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02419BB0-D5C3-4C58-8735-1B54C71F30E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {099A72D4-2BFE-4B4A-88F1-1E1A9A01FD63} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {13A2272C-FA14-4317-A675-30730666BBA4} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {1CBD2CCF-19EA-4676-95FE-DE498D961E82} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {1D27F501-C39A-418F-93F2-F2F7CB49E27E} - System32\Tasks\Digital Sites => C:\Users\s\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {32E7B713-FA0C-4E3B-BA36-9E8ADB49FDD6} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {39F9B9D5-F5F6-4521-8FF8-DD48A19F8602} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {3D150D3A-C872-400D-A153-270F8F468A07} - System32\Tasks\bench-Updater removing
Task: {3F0ED486-A406-4841-AF35-E2D00BE32098} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-15] (SRS Labs, Inc.)
Task: {4C1C07EB-793B-4C5F-9648-6061F38F6F59} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {5325CC7C-ADB4-41F1-9A43-928BCA83994B} - System32\Tasks\{32F06940-612D-4938-A018-8477BD58ED6F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar
Task: {55C63C52-745F-46BA-889D-9B819A0E8F71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.)
Task: {5EDACCCB-5AFB-4276-B421-E44842621793} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: {5FB28707-165E-4177-ADF6-98277374AE36} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: {60FA4745-C759-4BD5-95FA-A3F055F95116} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {8B1460AE-5FE7-4D27-A9AE-CF8BFB0F6217} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {99E42421-47DA-4C1F-A6CC-8129C4E9AA77} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {9D4F3D57-7793-4923-A6AE-F0412F217AAD} - System32\Tasks\AmiUpdXp => C:\Users\s\AppData\Local\SwvUpdater\Updater.exe [2014-01-28] () <==== ATTENTION
Task: {AF959CBC-3D65-404C-BA99-BC5FE9F9BA9E} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-14] (Samsung Electronics)
Task: {B3EFF43D-77FC-4126-B1E6-5B17490EDEC4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-28] (Adobe Systems Incorporated)
Task: {B7F8E5E6-D910-4351-AC15-878B6B17BFD3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {BA2F7E6E-5099-448C-B92B-B07BD34D4811} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.)
Task: {BA5B5450-52DD-4E0B-9B49-CE0E2D8E9163} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {DDEDCD8E-AA01-4FF8-BC7C-51F739840963} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E01243FB-B00D-4CAC-B1B4-E935DF1A4CF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {EA232AE4-F89A-4550-9C47-B36DA93E5792} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {EF3E1463-6B8F-4E9A-9C5A-0732FED3BF0B} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\s\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\windows\Tasks\bench-Updater removing.job => ?
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\s\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-09 16:59 - 2013-09-09 16:59 - 00465664 _____ () C:\Program Files\Immunet\3.0.12\dhr.dll
2013-09-09 16:59 - 2013-09-09 16:59 - 01501696 _____ () C:\Program Files\Immunet\3.0.12\LIBEAY32.dll
2013-09-09 16:59 - 2013-09-09 16:59 - 00331776 _____ () C:\Program Files\Immunet\3.0.12\SSLEAY32.dll
2011-04-09 01:25 - 2010-11-29 05:34 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-01 11:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-01 11:30 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-01 11:30 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-01 11:30 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-01 11:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-04-08 11:26 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2011-04-08 10:45 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program
Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2011-04-08 10:36 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/02/2014 06:11:31 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x66c Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (02/02/2014 06:11:21 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/02/2014 03:36:57 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x734 Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (02/02/2014 03:36:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: 
m->NextScheduledSPRetry 54372822 Error: (02/02/2014 03:36:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 54372822 Error: (02/02/2014 03:36:38 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/01/2014 10:18:00 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x1abc Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (02/01/2014 06:18:00 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x1be0 Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (02/01/2014 06:01:10 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc015000f Fehleroffset: 0x000000000006f7ba ID des fehlerhaften Prozesses: 0xde8 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (02/01/2014 06:01:02 PM) (Source: Application Error) (User: ) 
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1ddfa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005055a ID des fehlerhaften Prozesses: 0xde8 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 System errors: ============= Error: (02/02/2014 06:11:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/02/2014 06:08:07 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet: %%1115 Error: (02/02/2014 03:37:18 PM) (Source: DCOM) (User: ) Description: {C37BFDB8-9D49-4DCB-8D83-6C34A5FBA8ED} Error: (02/02/2014 03:36:42 PM) (Source: DCOM) (User: ) Description: {51FA2736-5DEE-11D4-98E8-006008BF430C} Error: (02/01/2014 05:56:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2014 03:10:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2014 02:24:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2014 00:16:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2014 00:14:06 PM) (Source: DCOM) (User: ) Description: {51FA2736-5DEE-11D4-98E8-006008BF430C} Error: (02/01/2014 09:12:24 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers 
nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (02/02/2014 06:11:31 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de66c01cf2039c5ae2b9eC:\windows\system32\taskeng.exeC:\windows\system32\msvcrt.dll0f0189c7-8c2d-11e3-90c3-e0ca944280ff Error: (02/02/2014 06:11:21 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/02/2014 03:36:57 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de73401cf20243388867dC:\windows\system32\taskeng.exeC:\windows\system32\msvcrt.dll7756ce05-8c17-11e3-a09f-e0ca944280ff Error: (02/02/2014 03:36:42 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 54372822 Error: (02/02/2014 03:36:42 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 54372822 Error: (02/02/2014 03:36:38 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/01/2014 10:18:00 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de1abc01cf1f72347d2110C:\windows\system32\taskeng.exeC:\windows\system32\msvcrt.dll536b8019-8b86-11e3-a09f-e0ca944280ff Error: (02/01/2014 06:18:00 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de1be001cf1f6f6930cab3C:\windows\system32\taskeng.exeC:\windows\system32\msvcrt.dllcc7f785d-8b64-11e3-a09f-e0ca944280ff Error: (02/01/2014 06:01:10 PM) (Source: Application Error)(User: ) Description: 
Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c015000f000000000006f7bade801cf1f6eb6c749a8C:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dll72789811-8b62-11e3-a09f-e0ca944280ff Error: (02/01/2014 06:01:02 PM) (Source: Application Error)(User: ) Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1822251f1ddfac0000005000000000005055ade801cf1f6eb6c749a8C:\windows\Explorer.EXEC:\windows\system32\SHELL32.dll6d8ef677-8b62-11e3-a09f-e0ca944280ff ==================== Memory info =========================== Percentage of memory in use: 35% Total physical RAM: 6055.12 MB Available physical RAM: 3935.46 MB Total Pagefile: 12108.41 MB Available Pagefile: 9918.47 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:271 GB) (Free:84.09 GB) NTFS Drive d: () (Fixed) (Total:404.88 GB) (Free:404.17 GB) NTFS Drive f: (++++) (Removable) (Total:14.59 GB) (Free:14.38 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: AD8CB770) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=271 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=405 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=23 GB) - (Type=27) ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=15 GB) - (Type=0B) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-02-02 18:46:24 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JF4O 698,64GB Running: Gmer-19357.exe; Driver: C:\Users\s\AppData\Local\Temp\kwtdrfoc.sys ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\WPM\wprotectmanager.exe[1520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075151465 2 bytes [15, 75] .text C:\ProgramData\WPM\wprotectmanager.exe[1520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751514bb 2 bytes [15, 75] .text ... * 2 .text C:\windows\SysWOW64\PnkBstrA.exe[2180] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073041a22 2 bytes [04, 73] .text C:\windows\SysWOW64\PnkBstrA.exe[2180] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073041ad0 2 bytes [04, 73] .text C:\windows\SysWOW64\PnkBstrA.exe[2180] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073041b08 2 bytes [04, 73] .text C:\windows\SysWOW64\PnkBstrA.exe[2180] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073041bba 2 bytes [04, 73] .text C:\windows\SysWOW64\PnkBstrA.exe[2180] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073041bda 2 bytes [04, 73] .text C:\windows\SysWOW64\PnkBstrA.exe[2180] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075151465 2 bytes [15, 75] .text C:\windows\SysWOW64\PnkBstrA.exe[2180] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751514bb 2 bytes [15, 75] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2348] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075151465 2 bytes [15, 75] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2348] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000751514bb 2 bytes [15, 75] .text ... 
* 2 .text C:\Users\s\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[4128] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075151465 2 bytes [15, 75] .text C:\Users\s\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[4128] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751514bb 2 bytes [15, 75] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4732] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075151465 2 bytes [15, 75] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4732] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000751514bb 2 bytes [15, 75] .text ... * 2 .text C:\windows\SysWOW64\RunDll32.exe[5468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075151465 2 bytes [15, 75] .text C:\windows\SysWOW64\RunDll32.exe[5468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751514bb 2 bytes [15, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5304] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075151465 2 bytes [15, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5304] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751514bb 2 bytes [15, 75] .text ... 
* 2 ---- Threads - GMER 2.1 ---- Thread C:\windows\System32\svchost.exe [5620:1692] 000007feec2f9688 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1520] (WPM Service/Cherished Technololgy LIMITED)(2 0000000001180000 Process C:\Users\s\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (*** suspicious ***) @ C:\Users\s\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [4128](2013-12-07 12:07:03) 0000000000970000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00006b028910 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca944280ff Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver@ImagePath \??\C:\windows\System32\Drivers\ImmunetNetworkMonitor.sys Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver@DisplayName ImmunetNetworkMonitorDriver Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver\Parameters\Wdf Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver\Parameters\Wdf@WdfMajorVersion 1 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver\Parameters\Wdf@WdfMinorVersion 9 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver\Parameters\Wdf@TimeOfLastSqmLog 0x54 0x54 0x68 0xC6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver\Parameters\Wdf@KmdfLibraryVersion 1.9??????????? 
Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetNetworkMonitorDriver Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtect@Type 272 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtect@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtect@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtect@ImagePath C:\Program Files\Immunet\3.0.12\agent.exe Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtect@DisplayName Immunet 3.0 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtect@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtect@Description Immunet 3.0 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtect Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver@ImagePath system32\DRIVERS\ImmunetProtect.sys Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver@DisplayName ImmunetProtectDriver Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver@Group FSFilter Content Screener Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver@DependOnService FltMgr? 
Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver@Description Immunet Protect Driver Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver\Instances@DefaultInstance ImmunetProtect Instance Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver\Instances\ImmunetProtect Instance Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver\Instances\ImmunetProtect Instance@Altitude 388300 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver\Instances\ImmunetProtect Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetProtectDriver Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver@Tag 3 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver@ImagePath system32\DRIVERS\ImmunetSelfProtect.sys Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver@DisplayName ImmunetSelfProtectDriver Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver@Group FSFilter Content Screener Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver@DependOnService FltMgr? 
Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver@Description Immunet Self Protection Driver Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver\Instances@DefaultInstance ImmunetSelfProtect Instance Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver\Instances\ImmunetSelfProtect Instance Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver\Instances\ImmunetSelfProtect Instance@Altitude 388530 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver\Instances\ImmunetSelfProtect Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\ImmunetSelfProtectDriver Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00006b028910 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca944280ff (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver@ImagePath \??\C:\windows\System32\Drivers\ImmunetNetworkMonitor.sys Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver@DisplayName ImmunetNetworkMonitorDriver Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver\Parameters\Wdf (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver\Parameters\Wdf@WdfMajorVersion 1 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver\Parameters\Wdf@WdfMinorVersion 9 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver\Parameters\Wdf@TimeOfLastSqmLog 0x54 0x54 0x68 0xC6 ... 
Reg HKLM\SYSTEM\ControlSet002\services\ImmunetNetworkMonitorDriver\Parameters\Wdf@KmdfLibraryVersion 1.9??????????? Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtect@Type 272 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtect@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtect@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtect@ImagePath C:\Program Files\Immunet\3.0.12\agent.exe Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtect@DisplayName Immunet 3.0 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtect@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtect@Description Immunet 3.0 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver@ImagePath system32\DRIVERS\ImmunetProtect.sys Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver@DisplayName ImmunetProtectDriver Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver@Group FSFilter Content Screener Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver@DependOnService FltMgr? 
Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver@Description Immunet Protect Driver Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver\Instances@DefaultInstance ImmunetProtect Instance Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver\Instances\ImmunetProtect Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver\Instances\ImmunetProtect Instance@Altitude 388300 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetProtectDriver\Instances\ImmunetProtect Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver@Tag 3 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver@ImagePath system32\DRIVERS\ImmunetSelfProtect.sys Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver@DisplayName ImmunetSelfProtectDriver Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver@Group FSFilter Content Screener Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver@DependOnService FltMgr? 
Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver@Description Immunet Self Protection Driver Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver\Instances@DefaultInstance ImmunetSelfProtect Instance Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver\Instances\ImmunetSelfProtect Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver\Instances\ImmunetSelfProtect Instance@Altitude 388530 Reg HKLM\SYSTEM\ControlSet002\services\ImmunetSelfProtectDriver\Instances\ImmunetSelfProtect Instance@Flags 0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Code:
ATTFilter Search results from Spybot - Search & Destroy 2/1/2014 1:02:05 PM Scan took 00:30:46. 19 items found. Amonetize.InstallPath: [SBI $9605A46C] Interface (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Amonetize.InstallPath: [SBI $9605A46C] Interface (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Amonetize.InstallPath: [SBI $44174700] Root class (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Updater.AmiUpd Amonetize.InstallPath: [SBI $44174700] Root class (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Updater.AmiUpd.1 Amonetize.InstallPath: [SBI $44174700] Class ID (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Amonetize.InstallPath: [SBI $44174700] Root class (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Updater.AmiUpd.1 Amonetize.InstallPath: [SBI $44174700] Root class (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Updater.AmiUpd Amonetize.InstallPath: [SBI $ACCAD080] Uninstall settings (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application 
(Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\DirectInput\MostRecentApplication\Name MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\DirectInput\MostRecentApplication\Id Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) --- 2013-09-20 blindman.exe (2.2.18.151) 2013-09-20 explorer.exe (2.2.18.177) 2013-09-20 SDBootCD.exe (2.2.18.109) 2013-09-20 SDCleaner.exe (2.2.18.110) 2013-09-20 SDDelFile.exe (2.2.18.94) 2013-06-18 SDDisableProxy.exe 2013-09-20 SDFiles.exe (2.2.18.135) 2013-09-20 SDFileScanHelper.exe (2.2.16.1) 2013-10-15 SDFSSvc.exe (2.2.25.211) 2013-10-10 SDHookHelper.exe (2.3.30.2) 2013-10-10 SDHookInst32.exe (2.3.30.2) 2013-10-10 SDHookInst64.exe (2.3.30.2) 2013-09-20 SDImmunize.exe (2.2.18.130) 2013-05-16 SDLogReport.exe (2.1.18.107) 2013-10-14 SDOnAccess.exe (2.2.25.4) 2013-09-20 SDPESetup.exe (2.2.18.3) 2013-09-20 SDPEStart.exe (2.2.18.86) 2013-09-20 SDPhoneScan.exe (2.2.18.28) 2013-09-20 SDPRE.exe (2.2.18.22) 2013-09-20 SDPrepPos.exe 
(2.2.18.10) 2013-09-20 SDQuarantine.exe (2.2.18.103) 2013-09-20 SDRootAlyzer.exe (2.2.18.116) 2013-09-20 SDSBIEdit.exe (2.2.18.39) 2013-09-20 SDScan.exe (2.2.18.177) 2013-09-20 SDScript.exe (2.2.18.53) 2013-10-15 SDSettings.exe (2.2.25.138) 2013-09-20 SDShell.exe (2.2.18.2) 2013-09-20 SDShred.exe (2.2.18.107) 2013-09-20 SDSysRepair.exe (2.2.18.101) 2013-09-20 SDTools.exe (2.2.18.150) 2013-07-25 SDTray.exe (2.1.21.129) 2013-09-20 SDUpdate.exe (2.2.18.91) 2013-09-20 SDUpdSvc.exe (2.2.18.76) 2013-09-20 SDWelcome.exe (2.2.21.129) 2013-09-13 SDWSCSvc.exe (2.2.22.2) 2013-06-19 spybotsd2-translation-frx.exe 2014-02-01 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98) 2013-05-16 SDAV.dll 2013-05-16 SDECon32.dll (2.1.18.113) 2013-05-16 SDECon64.dll (2.1.18.113) 2013-04-05 SDEvents.dll (2.1.16.2) 2013-10-14 SDFileScanLibrary.dll (2.2.25.14) 2013-10-10 SDHook32.dll (2.3.30.2) 2013-10-10 SDHook64.dll (2.3.30.2) 2013-05-16 SDImmunizeLibrary.dll (2.1.18.2) 2013-05-16 SDLicense.dll (2.1.18.0) 2013-05-16 SDLists.dll (2.1.18.4) 2013-05-16 SDResources.dll (2.1.18.7) 2013-05-16 SDScanLibrary.dll (2.1.18.131) 2013-05-16 SDTasks.dll (2.1.18.15) 2013-05-16 SDWinLogon.dll (2.1.18.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2013-05-16 Tools.dll (2.1.18.36) 2014-01-08 Includes\Adware-000.sbi (*) 2014-01-08 Includes\Adware-001.sbi (*) 2014-01-29 Includes\Adware-C.sbi (*) 2014-01-13 Includes\Adware.sbi (*) 2014-01-13 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2014-01-08 Includes\Dialer-000.sbi (*) 2014-01-08 Includes\Dialer-001.sbi (*) 2014-01-08 Includes\Dialer-C.sbi (*) 2014-01-13 Includes\Dialer.sbi (*) 2014-01-13 Includes\DialerC.sbi (*) 2012-11-14 Includes\HeavyDuty.sbi (*) 2014-01-08 Includes\Hijackers-000.sbi (*) 2014-01-08 Includes\Hijackers-001.sbi (*) 
2014-01-08 Includes\Hijackers-C.sbi (*) 2014-01-13 Includes\Hijackers.sbi (*) 2014-01-13 Includes\HijackersC.sbi (*) 2014-01-08 Includes\iPhone-000.sbi (*) 2014-01-08 Includes\iPhone.sbi (*) 2014-01-08 Includes\Keyloggers-000.sbi (*) 2014-01-08 Includes\Keyloggers-C.sbi (*) 2014-01-13 Includes\Keyloggers.sbi (*) 2014-01-13 Includes\KeyloggersC.sbi (*) 2014-01-14 Includes\Malware-C.sbi (*) 2013-05-29 Includes\Malware.sbi (*) 2013-12-23 Includes\MalwareC.sbi (*) 2014-01-15 Includes\PUPS-000.sbi (*) 2014-01-15 Includes\PUPS-001.sbi (*) 2014-01-15 Includes\PUPS-002.sbi (*) 2014-01-29 Includes\PUPS-C.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2014-01-07 Includes\PUPSC.sbi (*) 2014-01-08 Includes\Security-000.sbi (*) 2014-01-08 Includes\Security-C.sbi (*) 2014-01-21 Includes\Security.sbi (*) 2014-01-21 Includes\SecurityC.sbi (*) 2014-01-08 Includes\Spyware-000.sbi (*) 2014-01-08 Includes\Spyware-001.sbi (*) 2014-01-08 Includes\Spyware-C.sbi (*) 2014-01-21 Includes\Spyware.sbi (*) 2014-01-21 Includes\SpywareC.sbi (*) 2011-06-07 Includes\Tracks.sbi (*) 2012-11-19 Includes\Tracks.uti (*) 2014-01-15 Includes\Trojans-000.sbi (*) 2014-01-15 Includes\Trojans-001.sbi (*) 2014-01-15 Includes\Trojans-002.sbi (*) 2014-01-15 Includes\Trojans-003.sbi (*) 2014-01-15 Includes\Trojans-004.sbi (*) 2014-01-15 Includes\Trojans-005.sbi (*) 2014-01-15 Includes\Trojans-006.sbi (*) 2014-01-15 Includes\Trojans-007.sbi (*) 2014-01-15 Includes\Trojans-008.sbi (*) 2014-01-15 Includes\Trojans-009.sbi (*) 2014-01-29 Includes\Trojans-C.sbi (*) 2014-01-15 Includes\Trojans-OG-000.sbi (*) 2014-01-15 Includes\Trojans-TD-000.sbi (*) 2014-01-15 Includes\Trojans-VM-000.sbi (*) 2014-01-15 Includes\Trojans-VM-001.sbi (*) 2014-01-15 Includes\Trojans-VM-002.sbi (*) 2014-01-15 Includes\Trojans-VM-003.sbi (*) 2014-01-15 Includes\Trojans-VM-004.sbi (*) 2014-01-15 Includes\Trojans-VM-005.sbi (*) 2014-01-15 Includes\Trojans-VM-006.sbi (*) 2014-01-15 Includes\Trojans-VM-007.sbi (*) 2014-01-15 
Includes\Trojans-VM-008.sbi (*) 2014-01-15 Includes\Trojans-VM-009.sbi (*) 2014-01-15 Includes\Trojans-VM-010.sbi (*) 2014-01-15 Includes\Trojans-VM-011.sbi (*) 2014-01-15 Includes\Trojans-VM-012.sbi (*) 2014-01-15 Includes\Trojans-VM-013.sbi (*) 2014-01-15 Includes\Trojans-VM-014.sbi (*) 2014-01-15 Includes\Trojans-VM-015.sbi (*) 2014-01-15 Includes\Trojans-VM-016.sbi (*) 2014-01-15 Includes\Trojans-VM-017.sbi (*) 2014-01-15 Includes\Trojans-VM-018.sbi (*) 2014-01-15 Includes\Trojans-VM-019.sbi (*) 2014-01-15 Includes\Trojans-VM-020.sbi (*) 2014-01-15 Includes\Trojans-VM-021.sbi (*) 2014-01-15 Includes\Trojans-VM-022.sbi (*) 2014-01-15 Includes\Trojans-VM-023.sbi (*) 2014-01-15 Includes\Trojans-VM-024.sbi (*) 2014-01-15 Includes\Trojans-ZB-000.sbi (*) 2014-01-15 Includes\Trojans-ZL-000.sbi (*) 2014-01-09 Includes\Trojans.sbi (*) 2014-01-16 Includes\TrojansC-01.sbi (*) 2014-01-16 Includes\TrojansC-02.sbi (*) 2014-01-16 Includes\TrojansC-03.sbi (*) 2014-01-16 Includes\TrojansC-04.sbi (*) 2014-01-16 Includes\TrojansC-05.sbi (*) 2014-01-09 Includes\TrojansC.sbi (*) ….for your patience and everything in general…!!! |
03.02.2014, 00:26 | #2 |
/// Malwareteam / Visitor | Windows 7: Remove redirect to awesomehp? I am smeenk and I will try to help you. Please download zoek.exe from here: http://hijackthis.nl/smeenk/
|
03.02.2014, 17:44 | #3 |
| Windows 7: Remove redirect to awesomehp? Hello smeenk,
here is the Zoek log: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 31-January-2014 Tool run by s on 03.02.2014 at 16:37:30,76. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\s\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 03.02.2014 16:38:47 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== "Windows Live Essentials" "Windows Live Mail" "Windows Live Messenger" "Windows Live" fotogalerija ???? ??? Windows Live ???? Windows Live ????? Windows Live ?????? ??????? ?? Windows Live ???????? ?????????? Windows Live ??????????? ?? Windows Live Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.06) - Deutsch Amazon Cloud Player Apple Application Support Apple Mobile Device Support Apple Software Update Assassin's Creed IV Black Flag BatteryLifeExtender Bing Bar Bonjour Broadcom 802.11 Network Adapter ChargeableUSB Citrix Online Plug-in - Web Citrix Online Plug-in (DV) Citrix Online Plug-in (HDX) Citrix Online Plug-in (USB) Citrix Online Plug-in (Web) CyberLink Media Suite CyberLink MediaShow CyberLink Power2Go CyberLink PowerDirector CyberLink PowerDVD 10 CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition doubleTwist Easy Content Share Easy Display Manager Easy Migration Easy Network Manager Easy SpeedUp Manager EasyBatteryManager EasyFileShare ETDWare PS/2-X64 8.0.7.1_WHQL Fast Start ffdshow [rev 2527] [2008-12-19] Fotogalerija Windows Live FreePDF (Remove only) Galeria de Fotografias do Windows Live Galer�a fotogr�fica de Windows Live Galeria fotografii uslugi 
Windows Live Galerie de photos Windows Live Galerie foto Windows Live Google Chrome Google Update Helper Google+ Auto Backup GPL Ghostscript Immunet 3.0 Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology InterActual Player iTunes Junk Mail filter update Karteikasten .Net 2.4.0 McAfee Security Scan Plus Mein CEWE FOTOBUCH Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared 64-bit MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (German) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Color Enhancer Mozilla Firefox 26.0 (x86 de) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 
Multimedia POP Norton Internet Security Norton Online Backup NVIDIA Display Control Panel NVIDIA Graphics Driver 266.72 NVIDIA Install Application NVIDIA Optimus 1.0.15 NVIDIA Update Components PhoneShare Picasa 3 Pixum Fotobuch Poczta uslugi Windows Live Podstawowe programy Windows Live Posta Windows Live Raccolta foto di Windows Live Realtek Ethernet Controller Driver Realtek High Definition Audio Driver RedMon - Redirection Port Monitor Renesas Electronics USB 3.0 Host Controller Driver S?????? f?t???af??? t?? Windows Live Samsung AnyWeb Print Samsung Printer Live Update Samsung Recovery Solution 5 Samsung Support Center 1.0 Samsung Universal Print Driver Samsung Universal Scan Driver Samsung Update Plus Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2863902) 32-Bit Edition SkypeT 6.11 Software Version Updater Spelling Dictionaries Support For Adobe Reader 9 Spybot - Search & Destroy SRS Premium Sound Control Panel �berwachungstool f�r die Intel� Turbo-Boost-Technik 2.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for 
Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Uplay User Guide VLC media player 2.0.1 VS10Runtimex64 WIDCOMM Bluetooth Software Windows Live ?? Windows Live ?? ??? Windows Live ??? Windows Live ???? 
Windows Live Communications Platform Windows Live Essentials Windows Live Foto-galerija Windows Live fotoattelu galerija Windows Live Fotogal�ria Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotograf Galerisi Windows Live Fot�t�r Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Posta Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Par�alar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennusty�kalu Windows Liven s�hk�posti Windows Liven valokuvavalikoima WordCaptureX Pro WPM17.8.0.3325 Zattoo4 4.0.5 Zip Opener Packages ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wpm deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default ---- Lines enabledAddons" modified from prefs.js ---- user_pref("extensions.enabledAddons", "lightningnewtab%40gmail.com:1.0.5.7,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0"); ---- Lines installCache" modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ ---- Lines valueApps 
removed from prefs.js ---- user_pref("valueApps.autoDisableScopes", -1); ---- Lines Sweet removed from prefs.js ---- user_pref("browser.search.defaultenginename", "sweet-page"); ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- FireFox user.js and prefs.js backups ---- user__1655_.backup prefs__1655_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command] @="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command] @="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Bench deleted C:\PROGRA~2\SupTab deleted C:\PROGRA~2\Conduit deleted C:\Users\s\AppData\Roaming\DigitalSites deleted C:\Users\s\AppData\Roaming\ValueApps deleted C:\Users\s\AppData\Roaming\systweak deleted C:\Users\s\AppData\Roaming\OpenCandy deleted C:\ProgramData\IePluginService deleted C:\ProgramData\WPM deleted C:\Users\s\AppData\Local\BenchUpdater deleted C:\Users\s\AppData\Local\Lollipop deleted C:\Users\s\AppData\Local\SwvUpdater deleted C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx deleted C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop deleted C:\windows\SysNative\roboot64.exe deleted C:\Users\Public\AlexaNSISPlugin.9660.dll deleted C:\windows\wininit.ini deleted C:\windows\tasks\AmiUpdXp.job deleted C:\windows\SysNative\tasks\AmiUpdXp deleted C:\windows\SysNative\tasks\Digital Sites deleted C:\windows\tasks\Digital Sites.job deleted C:\windows\SysNative\tasks\bench-sys deleted C:\windows\SysNative\tasks\bench-Updater removing deleted 
C:\windows\tasks\bench-sys.job deleted C:\windows\tasks\bench-Updater removing.job deleted C:\END deleted C:\Users\s\Documents\PC Speed Maximizer deleted C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} deleted "C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\sweet-page.xml" deleted "C:\Users\s\AppData\Roaming\FreePDF" deleted ==== Files Recently Created / Modified ====================== ====== C:\windows ==== ====== C:\Users\s\AppData\Local\Temp ==== 2014-02-02 21:29:57 CD48231A16207E89F7096FD58379AC03 670752 ----a-w- C:\Users\s\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe 2014-02-02 16:56:41 D5A234D537A941504E2D3E9816238D32 3402832 ----a-w- C:\Users\s\AppData\Local\Temp\pcspeedmaxsetup.exe 2014-01-26 11:33:46 3A068A507C5124D4D84CAEE93AAA9B69 885400 ------w- C:\Users\s\AppData\Local\Temp\is357113909\86354289_stp\cor_sweet-page_CH.exe 2014-01-23 00:54:20 9E343AE10F8B2F8C75B957E065D004D4 100864 ----a-w- C:\Users\s\AppData\Local\Temp\fullpackage_temp1391360199\QQBrowserFrame.dll 2014-01-23 00:54:20 2EEE15B1927EADFF45013E94B0CB0D94 131640 ----a-w- C:\Users\s\AppData\Local\Temp\fullpackage_temp1391360199\QQBrowser.exe ====== C:\windows\SysWOW64 ===== 2014-01-20 16:42:10 E9504E484076585F6DA3C59F0E20E122 417792 ----a-w- C:\windows\SysWOW64\WMPhoto.dll 2014-01-20 16:42:09 5B2E4E90C04FB9AE9F2C5E99FF59B283 1230336 ----a-w- C:\windows\SysWOW64\WindowsCodecs.dll ====== C:\windows\SysWOW64\drivers ===== ====== C:\windows\Sysnative ===== 2014-02-01 10:30:37 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\windows\Sysnative\sdnclean64.exe 2014-01-20 16:42:10 4EDF8812713291DBBFDA67CE6215F236 465920 ----a-w- C:\windows\Sysnative\WMPhoto.dll 2014-01-20 16:42:09 3D7BB6DD7A87B3E36E44CA94444247A8 1424384 ----a-w- C:\windows\Sysnative\WindowsCodecs.dll ====== C:\windows\Sysnative\drivers ===== 2014-01-19 21:39:25 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\windows\Sysnative\drivers\cng.sys 2014-01-19 
21:39:24 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\windows\Sysnative\drivers\ksecdd.sys 2014-01-19 21:39:24 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\windows\Sysnative\drivers\ksecpkg.sys 2014-01-19 21:38:27 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\windows\Sysnative\drivers\usbehci.sys 2014-01-19 21:38:26 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\windows\Sysnative\drivers\usbccgp.sys 2014-01-19 21:38:26 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\windows\Sysnative\drivers\usbport.sys 2014-01-19 21:38:25 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\windows\Sysnative\drivers\usbd.sys 2014-01-19 21:38:25 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\windows\Sysnative\drivers\usbuhci.sys 2014-01-19 21:38:25 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\windows\Sysnative\drivers\usbhub.sys 2014-01-19 21:38:25 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\windows\Sysnative\drivers\usbohci.sys 2014-01-19 21:37:34 E2C933EDBC389386EBE6D2BA953F43D8 785624 ----a-w- C:\windows\Sysnative\drivers\Wdf01000.sys 2014-01-19 21:36:55 40AF23633D197905F03AB5628C558C51 1903552 ----a-w- C:\windows\Sysnative\drivers\tcpip.sys 2014-01-19 21:36:55 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\windows\Sysnative\drivers\netio.sys 2014-01-19 21:36:42 1A4F75E63C9FB84B85DFFC6B63FD5404 140800 ----a-w- C:\windows\Sysnative\drivers\mrxdav.sys 2014-01-19 21:36:38 059F00DEF82BF41E433B7ED465847726 155584 ----a-w- C:\windows\Sysnative\drivers\ataport.sys 2014-01-19 21:36:32 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\windows\Sysnative\drivers\afd.sys 2014-01-19 21:36:31 856E76B3641746ABBC2946BED1372098 32896 ----a-w- C:\windows\Sysnative\drivers\hidparse.sys 2014-01-19 21:36:31 597C3699384E53CC59587ED50CCE5CA2 76800 ----a-w- C:\windows\Sysnative\drivers\hidclass.sys 2014-01-19 21:36:29 B0435098C81D04CAFFF80DDB746CD3A2 109824 ----a-w- C:\windows\Sysnative\drivers\USBAUDIO.sys 2014-01-19 21:36:29 
80B0F7D5CCF86CEB5D402EAAF61FEC31 100864 ----a-w- C:\windows\Sysnative\drivers\usbcir.sys 2014-01-19 21:36:29 1F775DA4CF1A3A1834207E975A72E9D7 185344 ----a-w- C:\windows\Sysnative\drivers\usbvideo.sys 2014-01-19 21:36:26 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\windows\Sysnative\drivers\drmk.sys 2014-01-19 21:36:26 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\windows\Sysnative\drivers\portcls.sys 2014-01-19 21:31:22 88612F1CE3BF42256913BF6E61C70D52 983488 ----a-w- C:\windows\Sysnative\drivers\dxgkrnl.sys ====== C:\windows\Tasks ====== 2014-02-01 10:31:20 -------- d-----w- C:\windows\Sysnative\Tasks\Safer-Networking ====== C:\windows\Temp ====== ======= C:\Program Files ===== 2014-01-27 23:12:42 -------- d-----w- C:\Program Files\Conduit ======= C:\PROGRA~2 ===== 2014-02-01 18:56:08 -------- d-----w- C:\PROGRA~2\CEWE 2014-01-27 23:50:17 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard 2014-01-13 14:26:02 -------- d-----w- C:\PROGRA~2\Ubisoft ======= C: ===== ====== C:\Users\s\AppData\Roaming ====== 2014-02-02 16:59:05 -------- d-----w- C:\Users\s\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z 2014-02-02 16:57:03 339F2CDD77593146F9BED14592E7A3E6 43 ----a-w- C:\Users\s\AppData\Roaming\WB.CFG 2014-01-27 23:11:41 -------- d-----w- C:\Users\s\AppData\Locallow\{5682CA62-1A80-40AE-82A0-B67833CE75FF} 2014-01-25 14:43:33 -------- d-----w- C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-13 17:59:44 -------- d-----w- C:\Users\s\AppData\Local\PunkBuster 2014-01-13 14:37:21 -------- d-----w- C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2014-01-13 14:37:20 -------- d-----w- C:\Users\s\AppData\Local\Ubisoft Game Launcher 2014-01-13 14:25:15 -------- d-----w- C:\Users\s\AppData\Local\Programs ====== C:\Users\s ====== 2014-02-02 17:15:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\s\defogger_reenable 2014-02-02 16:53:37 CD48231A16207E89F7096FD58379AC03 670752 ----a-w- 
C:\Users\s\Downloads\ZipOpenerSetup.exe 2014-02-01 20:57:03 -------- d-----w- C:\Users\s\restore 2014-02-01 19:11:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH 2014-01-30 14:22:56 8B15EB749457B601495C87F465C525F4 6118990 ----a-w- C:\Users\s\Downloads\imgburn [1].exe 2014-01-30 14:22:13 C858BC2E550340CCA94563998E960073 673560 ----a-w- C:\Users\s\Downloads\imgburn.exe 2014-01-27 23:11:01 D02FD9B93B16800F80F77FD2DE49C803 306 --sha-r- C:\ProgramData\ntuser.pol ====== C: exe-files == 2014-02-02 21:29:57 CD48231A16207E89F7096FD58379AC03 670752 ----a-w- C:\Users\s\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe 2014-02-02 16:59:05 8C7FB9078A63B7E5E899E7A2DBB0DB53 1114624 ----a-w- C:\Users\s\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe 2014-02-02 16:56:41 D5A234D537A941504E2D3E9816238D32 3402832 ----a-w- C:\Users\s\AppData\Local\Temp\pcspeedmaxsetup.exe 2014-02-02 16:53:37 CD48231A16207E89F7096FD58379AC03 670752 ----a-w- C:\Users\s\Downloads\ZipOpenerSetup.exe 2014-02-01 19:00:30 F1DCFB3C8A3B8B447A4E5135C55FD328 547482 ----a-w- C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\uninstall.exe 2014-02-01 18:56:56 CEDE02D7AF62449A2C38C49ABECC0CD3 4995416 ----a-w- C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\vcredist2010_x86.exe 2014-02-01 18:56:56 2D9E6EB3AD68978F19A4B2E88BDD6F8E 4132360 ----a-w- C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\vcredist_x86.exe 2014-02-01 18:56:55 639B2DAF0489475F3D52B69AE18DB6CC 17920 ----a-w- C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\facedetection.exe 2014-02-01 18:56:12 6D69D8E6FF4F331E5A11BBB6DCD89B0E 10268672 ----a-w- C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe 2014-02-01 18:56:11 C593DFCA39A72EB4EEFFEB2AE22621EE 1363456 ----a-w- C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe 2014-02-01 18:56:11 554985C0881B9F27E0AEA872316F7E0A 460288 ----a-w- C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\CEWE FOTOIMPORTER.exe 
2014-02-01 17:14:10 6CC6AA2CE9E10517129CD02DAF8459E5 36160080 ----a-w- C:\Users\s\AppData\Local\Amazon Cloud Player\Updater\Amazon Cloud Player Installer.exe 2014-02-01 10:30:37 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\Windows\System32\sdnclean64.exe 2014-01-30 14:22:56 8B15EB749457B601495C87F465C525F4 6118990 ----a-w- C:\Users\s\Downloads\imgburn [1].exe 2014-01-30 14:22:13 C858BC2E550340CCA94563998E960073 673560 ----a-w- C:\Users\s\Downloads\imgburn.exe 2014-01-29 21:25:32 BD556495B9E1E00A2A55D4E6131C2EA0 981160 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.102\32.0.1700.102_32.0.1700.76_chrome_updater.exe 2014-01-29 20:30:40 95538B9357EE263A75A3349550974262 364288 ----a-r- C:\ProgramData\NVIDIA\Updatus\Download\577A\updatus.17734322_RUNASUSER.exe === C: other files == 2014-02-02 16:58:04 A7BD542BA35551B9059AED0AAD3E1310 1439487 ----a-w- C:\Users\s\AppData\Local\Temp\fullpackage_temp1391360199\tmp\package2.zip 2014-02-02 16:56:40 1707EEEC102FADDB29DD17585A99F3CB 1837759 ----a-w- C:\Users\s\AppData\Local\Temp\fullpackage_temp1391360199\package1.zip 2014-01-27 23:09:49 5A7DDB525B9AF48D9EFCE00B78829C83 680183 ----a-w- C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default\extensions\lightningnewtab@gmail.com.xpi 2014-01-27 23:09:38 F62F504CF99CA43295D7F5DC29CF2B56 270391 ----a-w- C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default\extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" 
[HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\Run] "Speech Recognition"="C:\windows\Speech\Common\sapisvr.exe -SpeechUX -Startup" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Amazon Cloud Player"="C:\Users\s\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" "Google+ Auto Backup"="C:\Users\s\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart" "ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon"="C:\windows\SysWOW64\Rundll32.exe C:\Users\s\AppData\Roaming\ValueApps\CH\TBVerifier.dll,RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon" "Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #4"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://p22-buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/iForgot?prs_account_nm=st.ihlenfeldt%40googlemail.com&language-iso=de-de" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "Immunet Protect"="C:\Program Files\Immunet\3.0.12\iptray.exe" "FreePDF Assistant"="C:\Program Files (x86)\FreePDF_XP\fpassist.exe" "Adobe ARM"="C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Speech Recognition"="C:\windows\Speech\Common\sapisvr.exe -SpeechUX -Startup" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Amazon Cloud Player"="C:\Users\s\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" "Google+ Auto Backup"="C:\Users\s\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart" "ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon"="C:\windows\SysWOW64\Rundll32.exe C:\Users\s\AppData\Roaming\ValueApps\CH\TBVerifier.dll,RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon" "Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #4"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://p22-buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/iForgot?prs_account_nm=st.ihlenfeldt%40googlemail.com&language-iso=de-de" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\windows\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\windows\\system32\\nvinitx.dll" ==== Startup Folders ====================== 2011-12-10 21:02:49 1300 ----a-w- C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk 2011-12-08 
17:02:38 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk 2012-12-09 11:39:02 1931 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ==== Task Scheduler Jobs ====================== C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [28.12.2013 12:09] C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12.11.2012 22:41] C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\windows\SysNative\tasks\advSRS5" ["C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe"] "C:\windows\SysNative\tasks\BatteryLifeExtender" [C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe] "C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\windows\SysNative\tasks\EasyBatteryManager" ["%ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe"] "C:\windows\SysNative\tasks\EasyDisplayMgr" ["C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe"] "C:\windows\SysNative\tasks\EasyPartitionManager" [C:\Windows\MSetup\BA46-12225A02\EPM.exe] "C:\windows\SysNative\tasks\EasySpeedUpManager" ["%programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe"] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\windows\SysNative\tasks\MovieColorEnhancer" ["C:\Program Files (x86)\Samsung\Movie Color 
Enhancer\MovieColorEnhancer.exe"] "C:\windows\SysNative\tasks\SamsungSupportCenter" [%programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe] "C:\windows\SysNative\tasks\SmartRestarter" ["%ProgramFiles%\Samsung\SamsungFastStart\SmartRestarter.exe"] "C:\windows\SysNative\tasks\SRS Premium Sound" [C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe] "C:\windows\SysNative\tasks\SUPBackground" ["%ProgramFiles(x86)%\Samsung\Samsung Update Plus\SUPBackground.exe"] "C:\windows\SysNative\tasks\WifiManager" ["%programfiles(x86)%\Samsung\Easy Display Manager\WifiManager.exe"] "C:\windows\SysNative\tasks\{32F06940-612D-4938-A018-8477BD58ED6F}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"] "C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"] "C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"] "C:\windows\SysNative\tasks\Symantec\Norton Error Analyzer 18.7.2.3" [C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe] "C:\windows\SysNative\tasks\Symantec\Norton Error Processor 18.7.2.3" [C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "lightningnewtab@gmail.com"="C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default\extensions\lightningnewtab@gmail.com.xpi" [23.01.2014 01:56] ==== Firefox Extensions ====================== ProfilePath: 
C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default - Extension_Protected - %ProfilePath%\extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi - Lightning Speed Dial - %ProfilePath%\extensions\lightningnewtab@gmail.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash 7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner + ==== Deleted Firefox Extensions ====================== C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default\extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi deleted C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default\extensions\lightningnewtab@gmail.com.xpi deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions mjdepfkicdcciagbigfcmdhknnoaaegf - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx[23.07.2010 19:21] pkndmigholgfjlniaohblojbhgjbkakn - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx[] Word CaptureX Extension - s\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf Google Wallet - s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkndmigholgfjlniaohblojbhgjbkakn_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start 
Page"="hxxp://www.sweet-page.com/?type=hp&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX" "Start Page Restore"="hxxp://ecosia.org/" "Default_Page_URL"="hxxp://www.sweet-page.com/?type=hp&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.sweet-page.com/web/?type=ds&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX&q={searchTerms}" "Default_Page_URL"="hxxp://www.sweet-page.com/?type=hp&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX" "Start Page"="hxxp://www.sweet-page.com/?type=hp&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX" "Search Page"="hxxp://www.sweet-page.com/web/?type=ds&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.sweet-page.com/web/?type=ds&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX&q={searchTerms}" "Default_Page_URL"="hxxp://www.sweet-page.com/?type=hp&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX" "Start Page"="hxxp://www.sweet-page.com/?type=hp&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX" "Search Page"="hxxp://www.sweet-page.com/web/?type=ds&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://www.google.com" "Start Page Restore"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" 
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {3F15ECF8-8450-4B65-9A71-B0EA4324FE3F} Ecosia Url="hxxp://ecosia.org/search?q={searchTerms}&addon=opensearch" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully 
HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-1241931330-1321431864-582149410-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_CLASSES_ROOT\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Gast\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Gast\Desktop\STrainer 7.lnk - C:\Program Files (x86)\Coktel\Schultrainer\7. Klasse\Dev7VM.exe C:\Users\Gast\Desktop\Zattoo.lnk - C:\Program Files (x86)\Zattoo4\Zattoo.exe C:\Users\s\Desktop\Continue Zip Opener Installation.lnk - C:\Users\s\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe /RR C:\Users\s\Desktop\iexplore - Verkn�pfung.lnk - C:\Users\s\Desktop\system (c) (Name-f4evbc5itr) - Verkn�pfung.lnk - C:\Users\UpdatusUser\Desktop\STrainer 7.lnk - C:\Program Files (x86)\Coktel\Schultrainer\7. Klasse\Dev7VM.exe C:\Users\UpdatusUser\Desktop\Zattoo.lnk - C:\Program Files (x86)\Zattoo4\Zattoo.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk - C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe C:\Users\Public\Desktop\Fotoschau.lnk - C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk - C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.sweet-page.com/?type=sc&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Public\Desktop\Pixum Fotobuch.lnk - C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Users Start Menu 
====================== C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Amazon Cloud Player.lnk - C:\Users\s\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Uninstall Amazon Cloud Player.lnk - C:\Users\s\AppData\Local\Amazon Cloud Player\Uninstall.exe C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\s\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall Google+ Auto Backup.lnk - C:\Windows\SysWOW64\msiexec.exe /x {A50DE037-B5C0-4C8A-8049-B0C576B313D1} C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
hxxp://www.sweet-page.com/?type=sc&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Assassin's Creed IV Black Flag.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.sweet-page.com/?type=sc&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.lnk - C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH deinstallieren.lnk - C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.lnk - C:\Program Files (x86)\CEWE\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Deinstallieren.lnk - C:\Program Files (x86)\Google\Picasa3\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa Photo Viewer konfigurieren.lnk - C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /reconfig C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk 
- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick 
Launch\Window Switcher.lnk - C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\doubleTwist.lnk - C:\Program Files (x86)\doubleTwist 2.0\DoubleTwist.Desktop.exe C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1391360214&from=cor&uid=HitachiXHTS727575A9E364_J3790084G5XL2GG5XL2GX C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky 
Notes.lnk - C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WPM deleted successfully ==== 
Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\s\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\s\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\s\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\s\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\s\AppData\Local\Mozilla\Firefox\Profiles\kxcqmiu9.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Cache emptied 
successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=50 folders=29 7866564 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\s\AppData\Local\Temp will be emptied at reboot C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\s\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 03.02.2014 at 17:31:01,14 ====================== |
03.02.2014, 19:14 | #4 |
/// Malwareteam / Visitor | Windows 7: Remove the redirect to awesomehp? We'll remove a few more leftovers
|
03.02.2014, 22:26 | #5 |
| Windows 7: Remove the redirect to awesomehp? Hello Smeenk, here is the new ZOEK log: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 31-January-2014 Tool run by s on 03.02.2014 at 22:09:31,14. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\s\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-02-03-163101.log 55573 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\Amazon deleted successfully C:\Program Files\Symantec deleted successfully C:\Users\Gast\AppData\Local\Immunet deleted successfully C:\Users\Gast\AppData\Local\VirtualStore deleted successfully C:\Users\s\AppData\Local\FreePDF_XP deleted successfully C:\Users\s\AppData\Local\Immunet deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\lightningnewtab@gmail.com deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Conduit deleted C:\Users\s\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z deleted "C:\Users\s\Downloads\ZipOpenerSetup.exe" deleted "C:\Users\s\Desktop\Continue Zip Opener Installation.lnk" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2" [03.02.2014 17:27] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: 
C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash 7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner + ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages deleted successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=54 folders=34 9806812 bytes) ==== EOF on 03.02.2014 at 22:17:18,71 ======================
Best regards, chrismunich |
03.02.2014, 22:35 | #6 |
/// Malwareteam / Visitor | Windows 7: Remove the redirect to awesomehp? That looks much better already. Do you still notice any problems with ads in the browser? Please download AdwCleaner to your desktop.
Please download Malwarebytes Anti-Malware
|
04.02.2014, 09:41 | #7 |
| Windows 7: Remove the redirect to awesomehp? Hello smeenk, that is already very encouraging :-)))))) Here is the log from adaware: Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 04/02/2014 um 08:18:03 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : s - STEPHISRECHNER # Gestartet von : C:\Users\s\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default\user.js ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\s\Desktop\iexplore - Verknüpfung.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AmiBs.Installer Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AmiBs.Installer.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_google-mail-notifier-plus_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_google-mail-notifier-plus_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Schlüssel 
Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKLM\Software\systweak ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16750 Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\kxcqmiu9.default\prefs.js ] -\\ Google Chrome v32.0.1700.107 [ Datei : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage Gelöscht : search_url Gelöscht : keyword Gelöscht : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [4278 octets] - [03/02/2014 22:52:36] AdwCleaner[S0].txt - [3361 octets] - [04/02/2014 08:18:03] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3421 octets] ##########
and Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.04.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16750 s :: STEPHISRECHNER [Administrator] Schutz: Aktiviert 04.02.2014 08:25:55 mbam-log-2014-02-04 (08-25-55).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 458194 Laufzeit: 54 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39B931CF-F1E2-4D04-8129-9EE8159A91C5} (PUP.Optional.SavingsWizard.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\sweet-pageSoftware (PUP.Optional.SweetPage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 7 C:\Users\s\Downloads\doubleTwistSetup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\s\Downloads\imgburn.exe (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\zoek_backup\C_Program Files_Conduit\ValueApps\IE\ValueAppsLoader.dll (PUP.Optional.ValueApps.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\zoek_backup\C_PROGRA~2_Conduit\ValueApps\IE\ValueAppsLoader.dll (PUP.Optional.ValueApps.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\zoek_backup\C_PROGRA~2_SupTab\SupTab.dll (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\zoek_backup\C_Users_s_AppData_Local_SwvUpdater\Updater.exe (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\zoek_backup\C_Users_s_AppData_Roaming_OpenCandy\F1C546B171A14251BA2662F4E3D8000B\INTERNALWRAPPER.exe (PUP.Optional.Searchprotect) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
04.02.2014, 11:26 | #8 |
/// Malwareteam / Visitor | Windows 7: Remove the redirect to awesomehp? I am very positive; apparently both programs deleted a few more leftovers. In my opinion we are done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Regards, Smeenk |
05.02.2014, 23:05 | #9 |
| Windows 7: Remove the redirect to awesomehp? It works and runs smoothly!!!! A thousand thanks and many more, Smeenk!!! |
06.02.2014, 00:57 | #10 |
/// Malwareteam / Visitor | Windows 7: Remove the redirect to awesomehp? Glad we could help. Regards, Smeenk |