Win 7: Snapdo, plötzliches System-Shutdown

Eleve · 27.03.2014, 19:50

Hallo!

Ich habe ein Windows-7-64-bit-System.

Vor ca. 3 Monaten habe ich mir Snapdo eingefangen (selber schuld, ich war nicht aufmerksam genug ...) und nur unzureichend entfernt - ich bin damals irgendwie nicht auf eure Seite gekommen ...

Nun wollte ich den Störenfried ordentlich entfernen - mir ist erst jetzt aufgefallen, dass die Kinder in ihren Accounts in den Internet-Browsern einerseits snapdo und andererseits "gefährlich" aussehende "Systemmeldungen" (ganz klein "Ad" ...) hatten, das war mir zu heikel.

Symptome: Der Computer ist insbesondere in den letzten Monaten langsamer geworden. Wir haben aber leider auch ein langsames Netz und ich arbeite mit großen Dateien, die Platte füllt sich, also habe ich es auf das geschoben.

Ja, und vor ungefähr einem Jahr hat der Computer angefangen, immer wieder mal (so ein- bis zweimal im Monat) komplett abzustürzen - blauer Bildschirm mit dem Text:

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

Modification of system code or a critical data structure was detected.

(Ich kürze ab: bei mehrmaligem Auftreten solle man Hardware und Software überprüfen/neu installieren/entfernen bzw. den Systemadministrator fragen ...)

Technical information:
*** STOP: 0x00000109 (und viele Zahlen und Ziffern, die erspare ich mir jetzt ...)"

Ich gebe zu, der Computer ließ sich normal starten. Die Aussicht auf ein komplettes Neuaufsetzen des Systems schreckte mich ordentlich ab, und so oft geschah das Ganze ja nicht. Daten habe ich nie verloren. Also habe ich nichts gemacht.

Ich dachte bis heute auch nicht an Malware oder ähnliches, mehr an einen RAM-Fehler. Langsamer wurde das Gerät auch erst deutlich später.

Gut, ich wollte also Snapdo loswerden:

Mein Virenscanner hatte keine Meldungen.

Ich habe dann mitten in der Nacht MBAM laufen lassen mit positivem Ergebnis, alles in Quarantäne geschoben. Auch den Adware-Cleaner habe ich nachgeschoben und 2x laufen lassen, logs sind anbei. (ich hoffe, dass ich da nichts vertan habe ... bitte um Entschuldigung!).

Erst danach habe ich das von euch vorgesehene Programm abgespult.

Anbei meine Logfiles - als Anhang, Beitrag ist sonst zu groß!

So, ich hoffe, ich habe alles richtig erwischt ...

Bin gespannt auf eure Rückmeldung!

Liebe Grüße

Barbara

sunjojo · 27.03.2014, 20:04

Hallo Eleve,

mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:

Regeln zum Ablauf der Bereinigung

Arbeite die Anleitungen und Schritte sorgfältig und nacheinander ab.
Wenn du etwas nicht verstehst oder du dir unsicher bist, frage nach und schildere das Problem, so gut es geht. Handle nicht auf eigene Faust.
- Die Ausführung diverser Bereinigungsprogramme (mit Scripts aus anderen Threads) können dein Betriebssystem zerschießen!
Die Bereinigung eines Rechners in verschiedenen Foren zur selben Zeit ist verboten (Crossposting).

Installiere oder deinstalliere keine zusätzlichen Programme, lösche keine Dateien und führe nicht selbstständig Systemupdates durch.

Die Symptome können verschwunden sein, jedoch bedeutet das Verschwinden von äußeren Merkmalen einer Infektion nicht, dass du wieder clean bist.
- Ich werde dir ein eindeutiges Clean geben, solange arbeite bitte mit.

Hinweise

Ich kann dir nie eine Garantie geben, dass alles entfernt wurde. Die Formatierung der Festplatte und das Neuinstallieren deines Betriebssystems ist immer sicherer und meistens schneller.

Die von uns benutzten Programme erstellen meist ein Ergebnisprotokoll (Logfile genannt). Bitte füge alle von mir in einem Schritt geforderten Logfiles in einer Antwort/einem Post ein.
- http://www.trojaner-board.de/137229-...code-tags.html; Falls das Logfile zu groß für einen Post ist, teile es in zwei/mehrere Posts.

Wenn du alles gelesen hast, kann es losgehen. Bitte speichere alle Programme auf dem Desktop und führe sie von dort aus.

Logfiles bitte direkt posten. Wenn diese zu groß sind, einfach zwei/drei Posts erstellen

.

Eleve · 27.03.2014, 22:08

Hallo Sunjojo,

Danke, dass du dich meines Problems annimmst.

Ich hatte im Übrigen auch an die Möglichkeit gedacht, die Logs auf mehrere Posts aufzuteilen, es gab jedoch eine automatisch generierte Meldung, dass der Beitrag maximal 120000 Zeichen (ich hoffe, die Nullen stimmen) haben solle und man bei Überschreitung doch bitte die Logdateien als Anhang schicken solle. Das habe ich dann auch so gemacht.

Ich schicke dir gerne nochmal die Logs:

FRST.txt:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by proworx (ATTENTION: The logged in user is not administrator) on PROWORX-PC on 27-03-2014 15:54:54
Running from C:\Users\proworx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lupinho.Net) C:\Program Files\Lupinho.Net\HardlinkBackup\HardlinkBackupTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DBAgent] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1454216 2012-07-02] (Seagate Technology LLC)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] - C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767608 2014-03-21] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\Runonce: [aswAhAScr.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" [X]
HKLM-x32\...\Runonce: [aswasOutExt.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" [X]
HKLM-x32\...\Runonce: [aswasOutExt64.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll" [X]
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\d756af1a-95d1-4ff1-bf5d-84ea57abc9bf.exe /check [181136 2014-03-26] (AVAST Software)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-03-05] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\Run: [Uploader] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [120496 2012-07-02] (Seagate Technology LLC)
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\MountPoints2: {0ec85fea-593e-11e0-a31b-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\MountPoints2: {313ce0da-2827-11e2-91d3-1c6f65deec0d} - E:\SISetup.exe
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\MountPoints2: {ccf47943-1857-11e2-a67d-1c6f65deec0d} - K:\laucher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC8E917F2522BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.16.1 80.120.17.70

FireFox:
========
FF ProfilePath: C:\Users\proworx\AppData\Roaming\Mozilla\Firefox\Profiles\vsts9pc7.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\proworx\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GMX MailCheck - C:\Users\proworx\AppData\Roaming\Mozilla\Firefox\Profiles\vsts9pc7.default\Extensions\toolbar@gmx.net.xpi [2013-05-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-26]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Drive) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-13]
CHR Extension: (YouTube) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-13]
CHR Extension: (Google Search) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-13]
CHR Extension: (WhiteSmoke US New) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif [2014-03-26]
CHR Extension: (Google Wallet) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-13]
CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\proworx\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-10-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 Asset Management Daemon; C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [133744 2011-03-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-17] (AVAST Software)
R2 DeltaCopyService; C:\DeltaCopy\DCServce.exe [683008 2009-11-23] (Synametrics Technologies)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129648 2011-03-02] (Portrait Displays, Inc.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 HardlinkBackupService; C:\Program Files\Lupinho.Net\HardlinkBackup\HardlinkBackup.Service.exe [14848 2013-11-26] (Lupinho.Net)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [14528 2012-07-02] (Seagate Technology LLC)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [464464 2011-04-24] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [229664 2011-04-24] (Protect Software GmbH)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-07] ()
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2011-02-16] (Portrait Displays, Inc.)
R3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2008-09-08] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 15:54 - 2014-03-27 15:55 - 00019322 _____ () C:\Users\proworx\Desktop\FRST.txt
2014-03-27 15:54 - 2014-03-27 15:54 - 00000000 ____D () C:\FRST
2014-03-27 15:53 - 2014-03-27 15:53 - 02157056 _____ (Farbar) C:\Users\proworx\Desktop\FRST64.exe
2014-03-27 15:51 - 2014-03-27 15:51 - 00000476 _____ () C:\Users\proworx\Desktop\defogger_disable.log
2014-03-27 15:51 - 2014-03-27 15:51 - 00000000 _____ () C:\Users\Barbara\defogger_reenable
2014-03-27 15:49 - 2014-03-27 15:49 - 00050477 _____ () C:\Users\proworx\Desktop\Defogger.exe
2014-03-26 12:32 - 2014-03-26 12:43 - 00000000 ____D () C:\AdwCleaner
2014-03-26 12:22 - 2014-03-26 12:27 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-26 12:22 - 2014-03-26 12:22 - 00001086 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-26 12:22 - 2014-03-26 12:22 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-26 12:22 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-26 12:21 - 2014-03-26 12:21 - 04095448 _____ (BrightFort LLC ) C:\Users\proworx\Downloads\spywareblastersetup50.exe
2014-03-26 00:15 - 2014-03-26 00:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 00:14 - 2014-03-26 00:14 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-26 00:14 - 2014-03-26 00:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 00:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-26 00:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-26 00:14 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-26 00:12 - 2014-03-26 00:13 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\proworx\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-25 14:49 - 2014-03-27 06:15 - 00001064 _____ () C:\Windows\setupact.log
2014-03-25 14:49 - 2014-03-25 14:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 17:09 - 2014-03-15 17:09 - 00000108 _____ () C:\Users\proworx\Downloads\playlist.pls
2014-03-13 10:10 - 2014-03-13 10:10 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\GalileoPress
2014-03-13 06:29 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 06:29 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 06:29 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 06:29 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 06:29 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 06:29 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 06:29 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 06:29 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 06:29 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 06:29 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 06:29 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 06:29 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 06:29 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 06:29 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 06:29 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 06:29 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 06:29 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 06:29 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 06:29 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 06:29 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 06:29 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 06:29 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 06:29 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 06:29 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 06:29 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 06:29 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 06:29 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 06:29 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 06:29 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 06:29 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 06:29 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 06:29 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 06:29 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 06:29 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 06:29 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 06:29 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 06:29 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 06:29 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 06:29 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 06:29 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 06:28 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 06:28 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 06:28 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 06:28 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 06:28 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 06:28 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 06:27 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 06:27 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 15:06 - 2014-03-12 09:29 - 00000168 _____ () C:\Users\proworx\AppData\Roaming\PLGComp.ini
2014-03-11 15:04 - 2014-03-11 15:04 - 00001045 _____ () C:\Users\Public\Desktop\Focus Magic.lnk
2014-03-11 15:04 - 2014-03-11 15:04 - 00000053 _____ () C:\Users\Barbara\AppData\Roaming\PLGComp.ini
2014-03-11 15:04 - 2014-03-11 15:04 - 00000000 ____D () C:\Program Files (x86)\Focus Magic
2014-03-11 15:04 - 2013-04-27 16:09 - 03600896 _____ (Acclaim Software Ltd) C:\Windows\system32\FocusMag64.dll
2014-03-11 15:04 - 2013-04-19 11:32 - 08880128 _____ (Acclaim Software Ltd) C:\Windows\SysWOW64\FocusMag.dll
2014-03-11 15:04 - 2012-10-28 04:05 - 02790912 _____ (FreeImage) C:\Windows\SysWOW64\FreeImage.dll
2014-03-11 15:03 - 2014-03-11 15:04 - 02972360 _____ (Acclaim Software Ltd ) C:\Users\proworx\Downloads\FocusMagic401.exe
2014-03-09 12:21 - 2014-03-09 12:21 - 00000732 _____ () C:\Users\proworx\Documents\Unbekannte Ruinen am Nil.kmz
2014-02-28 16:05 - 2014-02-28 16:06 - 00000000 ____D () C:\Program Files (x86)\XMind
2014-02-28 16:01 - 2014-02-28 16:03 - 100610688 _____ (XMind Ltd. ) C:\Users\proworx\Downloads\xmind-windows-3.4.1.201401221918.exe
2014-02-25 12:12 - 2014-02-25 12:12 - 00000801 _____ () C:\Users\proworx\Documents\Mosque of Qurquma.kmz
2014-02-25 11:49 - 2014-02-25 11:49 - 00000797 _____ () C:\Users\proworx\Documents\Archnet IMG11085.kmz
2014-02-25 09:53 - 2014-02-25 09:53 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\PanoramaStudio2

==================== One Month Modified Files and Folders =======

2014-03-27 15:55 - 2014-03-27 15:54 - 00019322 _____ () C:\Users\proworx\Desktop\FRST.txt
2014-03-27 15:54 - 2014-03-27 15:54 - 00000000 ____D () C:\FRST
2014-03-27 15:53 - 2014-03-27 15:53 - 02157056 _____ (Farbar) C:\Users\proworx\Desktop\FRST64.exe
2014-03-27 15:53 - 2013-12-27 15:38 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-03-27 15:51 - 2014-03-27 15:51 - 00000476 _____ () C:\Users\proworx\Desktop\defogger_disable.log
2014-03-27 15:51 - 2014-03-27 15:51 - 00000000 _____ () C:\Users\Barbara\defogger_reenable
2014-03-27 15:51 - 2012-10-17 14:19 - 00000000 ____D () C:\Users\Barbara
2014-03-27 15:49 - 2014-03-27 15:49 - 00050477 _____ () C:\Users\proworx\Desktop\Defogger.exe
2014-03-27 15:49 - 2012-09-18 07:45 - 00000000 ____D () C:\Users\proworx\Documents\Outlook-Dateien
2014-03-27 15:42 - 2011-06-15 19:34 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 15:14 - 2013-12-11 15:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 12:31 - 2011-03-22 08:26 - 01779815 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 11:42 - 2011-06-15 19:34 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 11:09 - 2012-09-07 12:24 - 00000000 ____D () C:\Users\proworx\AppData\Local\CrashDumps
2014-03-27 06:25 - 2011-06-15 19:41 - 00000000 ____D () C:\Users\proworx\AppData\Local\Adobe
2014-03-27 06:25 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 06:25 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 06:17 - 2012-11-15 11:35 - 00001908 _____ () C:\Users\proworx\Desktop\SafeZone-Browser.lnk
2014-03-27 06:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-03-27 06:15 - 2014-03-25 14:49 - 00001064 _____ () C:\Windows\setupact.log
2014-03-27 06:15 - 2011-06-15 17:35 - 00165202 _____ () C:\Windows\SysWOW64\DTSSL.log
2014-03-27 06:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-26 16:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-26 12:43 - 2014-03-26 12:32 - 00000000 ____D () C:\AdwCleaner
2014-03-26 12:27 - 2014-03-26 12:22 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-26 12:22 - 2014-03-26 12:22 - 00001086 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-26 12:22 - 2014-03-26 12:22 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-26 12:21 - 2014-03-26 12:21 - 04095448 _____ (BrightFort LLC ) C:\Users\proworx\Downloads\spywareblastersetup50.exe
2014-03-26 00:46 - 2011-06-15 17:34 - 00495542 _____ () C:\Windows\PFRO.log
2014-03-26 00:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-26 00:16 - 2014-03-26 00:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 00:14 - 2014-03-26 00:14 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-26 00:14 - 2014-03-26 00:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 00:14 - 2012-10-23 16:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 00:13 - 2014-03-26 00:12 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\proworx\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-25 17:49 - 2012-10-25 13:50 - 00000000 ____D () C:\Users\Judith\AppData\Local\Mozilla
2014-03-25 17:43 - 2014-02-22 09:50 - 07294194 _____ () C:\Users\Judith\Documents\tirol_fuer_geographie.pptx
2014-03-25 16:40 - 2012-10-26 09:09 - 00000000 ____D () C:\Users\Judith\AppData\Local\CrashDumps
2014-03-25 14:57 - 2012-11-17 11:48 - 00001908 _____ () C:\Users\Judith\Desktop\SafeZone-Browser.lnk
2014-03-25 14:54 - 2011-04-13 19:21 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\SoftGrid Client
2014-03-25 14:49 - 2014-03-25 14:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 23:52 - 2011-09-20 05:19 - 00000000 ____D () C:\Windows\Minidump
2014-03-18 23:46 - 2013-08-20 23:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 23:44 - 2011-03-22 09:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 17:09 - 2014-03-15 17:09 - 00000108 _____ () C:\Users\proworx\Downloads\playlist.pls
2014-03-15 09:47 - 2013-02-16 09:54 - 00002182 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 09:40 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-14 06:18 - 2009-07-14 05:45 - 00348784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 06:17 - 2013-03-14 23:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 06:17 - 2013-03-14 23:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 22:01 - 2012-01-15 15:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 10:10 - 2014-03-13 10:10 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\GalileoPress
2014-03-12 09:29 - 2014-03-11 15:06 - 00000168 _____ () C:\Users\proworx\AppData\Roaming\PLGComp.ini
2014-03-12 08:14 - 2013-12-11 15:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:14 - 2013-12-11 15:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 15:04 - 2014-03-11 15:04 - 00001045 _____ () C:\Users\Public\Desktop\Focus Magic.lnk
2014-03-11 15:04 - 2014-03-11 15:04 - 00000053 _____ () C:\Users\Barbara\AppData\Roaming\PLGComp.ini
2014-03-11 15:04 - 2014-03-11 15:04 - 00000000 ____D () C:\Program Files (x86)\Focus Magic
2014-03-11 15:04 - 2014-03-11 15:03 - 02972360 _____ (Acclaim Software Ltd ) C:\Users\proworx\Downloads\FocusMagic401.exe
2014-03-09 12:21 - 2014-03-09 12:21 - 00000732 _____ () C:\Users\proworx\Documents\Unbekannte Ruinen am Nil.kmz
2014-03-08 11:40 - 2011-11-04 12:59 - 00000000 ____D () C:\Users\DefaultAppPool
2014-03-07 19:16 - 2009-07-14 18:58 - 00786842 _____ () C:\Windows\system32\perfh007.dat
2014-03-07 19:16 - 2009-07-14 18:58 - 00181742 _____ () C:\Windows\system32\perfc007.dat
2014-03-07 19:16 - 2009-07-14 06:13 - 01843980 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 09:26 - 2014-03-26 00:14 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-26 00:14 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-26 00:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 21:04 - 2011-09-19 08:32 - 00000000 ____D () C:\VueScan
2014-03-01 07:05 - 2014-03-13 06:29 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 06:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 06:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 06:29 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 06:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 06:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 06:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 06:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 06:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 06:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 06:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 06:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 06:29 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 06:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 06:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 06:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 06:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 06:29 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 06:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 06:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 06:29 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 06:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 06:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 06:29 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 06:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 06:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 06:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 06:29 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 06:29 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 06:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 06:29 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 06:29 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 06:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 06:29 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 06:29 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 06:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 06:29 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 06:29 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 06:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 06:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 16:06 - 2014-02-28 16:05 - 00000000 ____D () C:\Program Files (x86)\XMind
2014-02-28 16:06 - 2011-04-11 19:07 - 00000000 ____D () C:\Users\proworx
2014-02-28 16:03 - 2014-02-28 16:01 - 100610688 _____ (XMind Ltd. ) C:\Users\proworx\Downloads\xmind-windows-3.4.1.201401221918.exe
2014-02-28 03:06 - 2011-04-13 19:20 - 01817324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 12:12 - 2014-02-25 12:12 - 00000801 _____ () C:\Users\proworx\Documents\Mosque of Qurquma.kmz
2014-02-25 11:49 - 2014-02-25 11:49 - 00000797 _____ () C:\Users\proworx\Documents\Archnet IMG11085.kmz
2014-02-25 09:53 - 2014-02-25 09:53 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\PanoramaStudio2

Files to move or delete:
====================
C:\Users\Barbara\AppData\Roaming\PLGComp.ini
C:\Users\proworx\AppData\Roaming\PLGComp.ini


Some content of TEMP:
====================
C:\Users\proworx\AppData\Local\Temp\AskSLib.dll
C:\Users\proworx\AppData\Local\Temp\contentDATs.exe
C:\Users\proworx\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\proworx\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\proworx\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\proworx\AppData\Local\Temp\i4jdel0.exe
C:\Users\proworx\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\proworx\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\proworx\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\proworx\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\proworx\AppData\Local\Temp\readSTILog.dll
C:\Users\proworx\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\proworx\AppData\Local\Temp\siinst.exe
C:\Users\proworx\AppData\Local\Temp\strings.dll
C:\Users\proworx\AppData\Local\Temp\UpdaterCopy.exe
C:\Users\proworx\AppData\Local\Temp\vlc-2.0.7-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by proworx at 2014-03-27 15:55:29
Running from C:\Users\proworx\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

A.F.5 Rename your files 1.1 (HKLM-x32\...\{A725C340-77EE-11D6-BBC2-0000CB591583}) (Version: 1.1.0.0 - Alex Fauland)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0.3.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 3.5 64-bit (HKLM\...\{44713725-8CC8-4710-B727-DC13A3665F9C}) (Version: 3.5.1 - Adobe)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.50527 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
Banana Buchhaltung 7.0 (HKLM-x32\...\Banana70_is1) (Version: 7.0.4.0 - Banana.ch SA)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-790CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1026.2246.39002 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.1026.2246.39002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.1026.2246.39002 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2010.1026.2245.39002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.1026.2246.39002 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.1026.2246.39002 - ATI) Hidden
CDCheck (HKLM-x32\...\CDCheck) (Version:  - )
Creative Photos FUJISHOP-PBM (HKLM-x32\...\Creative Photos FUJISHOP-PBM) (Version: 2.2.0.359 - Imaxel Lab S.L)
CrystalDiskInfo 5.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.0.5 - Crystal Dew World)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
DeltaCopy (HKLM-x32\...\{D6E5F58F-C879-4EC1-90F7-BA31BABF10C9}) (Version: 1.40.0000 - Synametrics Technologies)
Deutschstunde 1 SBL (HKLM-x32\...\Deutschstunde1SBL.0FB2569A2AD22E022B247A739500DB6BDEE69FAC.1) (Version: 1.00 - VERITAS Verlags- und Handelsges.m.b.H. u. Co. OHG)
Deutschstunde 1 SBL (x32 Version: 1.00 - VERITAS Verlags- und Handelsges.m.b.H. u. Co. OHG) Hidden
DigitalPrintLab3 (HKLM-x32\...\printeriaDigitalPrintLab3) (Version:  - printeria)
Elements 10 Organizer (x32 Version: 10.0 - Ihr Firmenname) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
File Type Advisor 1.3 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
FM PDF To JPG Converter Free 2.5 (HKLM-x32\...\FM PDF To JPG Converter Free_is1) (Version: 2.5 - )
Focus Magic 4.01 (HKLM-x32\...\Focus Magic_is1) (Version: 4.01 - Acclaim Software Ltd)
FormsForWeb® Filler 3.2.3 (HKLM-x32\...\{18815D2C-C62D-4066-94F3-55966581D2A5}) (Version: 3.2.3 - Lucom GmbH)
Fotobuchexpress24 Bestellsoftware (HKLM-x32\...\Fotobuchexpress24) (Version: 3.1.26 - SSW Software GmbH)
Fotobuchexpress24 Bestellsoftware (x32 Version: 3.1.26 - SSW Software GmbH) Hidden
fotokasten comfort 4.2 (HKLM-x32\...\fotokasten comfort_is1) (Version:  - )
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
FreeFileSync 5.8 (HKLM-x32\...\FreeFileSync) (Version: 5.8 - Zenju)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HappyFoto-Designer 4.5 (HKLM-x32\...\HappyFoto-Designer_is1) (Version:  - )
HardlinkBackup (64 bit) (HKLM\...\{3B4F43A9-459C-45D4-A565-C7249A0AB598}) (Version: 2.1.4 - Lupinho.Net)
HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HP Display Assistant (HKLM-x32\...\{17B371B7-740F-4C83-BDFE-0C3A2C585103}) (Version: 2.00.055 - Portrait Displays, Inc.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
HydraVision (x32 Version: 4.2.166.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iDevice Manager (HKLM-x32\...\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1) (Version: 3.1.0.0 - Marx Software)
iExplorer 2.2.1.3 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant, LLC)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Naim Desktop Client (HKLM-x32\...\{47DDBB74-9326-4D79-9FF1-304D2119AD9A}) (Version: 2.0.2 - Naim Limited)
Naim Streamer Updater 3.21.3(7006) (HKLM-x32\...\{F3609C43-8931-4711-8969-964684223038}_is1) (Version: 3.21.3(7006) - Naim Audio Ltd)
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PanoramaStudio 2.5 ((deinstallieren)) (HKLM\...\PanoramaStudio2) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pivot Pro Plugin (x32 Version: 9.50.110 - Portrait Displays, Inc.) Hidden
Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.35.160 - )
Polar ProTrainer Trial (HKLM-x32\...\{B116E95E-01B1-420A-AECB-B2B330B9BD97}) (Version: 5.35.161 - )
ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.5 - )
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RAIDar 4.3.8 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.36.1224.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 2.9.2 - SSW Software GmbH)
Saal Design Software (x32 Version: 2.9.2 - SSW Software GmbH) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SDK (x32 Version: 2.25.004 - Portrait Displays, Inc.) Hidden
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.0.3602.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
ShiftN 3.6.1 (HKLM-x32\...\ShiftN_is1) (Version: 3.6.1 - Marcus Hebel)
SilverFast HDRStudio 6.6.2r4a (HKLM-x32\...\SilverFast HDRStudio) (Version:  - LaserSoft Imaging AG)
SilverFast NikonM 6.6.2r4a (HKLM-x32\...\SilverFast NikonM) (Version:  - LaserSoft Imaging AG)
Snapform Viewer 1.7.33 (HKLM\...\2841-5017-1617-4151) (Version: 1.7.33 - Ringler Informatik AG)
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version:  - )
Spyder3Pro (HKLM-x32\...\Spyder3Pro) (Version:  - )
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBack (HKLM-x32\...\SyncBack_is1) (Version:  - 2BrightSparks)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
USB-Ir Adapter (HKLM-x32\...\{76AD2AAC-14EE-4CE3-958A-BB3DF65E7F06}) (Version: 1.03.0000 - )
Versteckt - Entdeckt! Fantasy (HKLM-x32\...\{FD2A02A5-C285-11DC-AA69-00E07DDCAF19}) (Version: 1.00.0000 - Terzio Verlag)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Voyages 1 Vokabeltrainer (HKLM-x32\...\de.klett.vokabeltrainer.voyages1.CE0E3A60A72FE7E3EB57F417A8115A03D988FEF4.1) (Version: 1.0 - Ernst Klett Sprachen GmbH)
Voyages 1 Vokabeltrainer (x32 Version: 1.0 - Ernst Klett Sprachen GmbH) Hidden
VueScan (HKLM\...\VueScan) (Version:  - )
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010  - Leaf Imaging Ltd.)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
Zoner Photo Studio 14 (HKLM\...\ZonerPhotoStudio14_DE_is1) (Version: 14.0.1.4 - ZONER software)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-06-04 12:32 - 2010-07-07 15:00 - 07667970 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
2012-11-06 16:32 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2012-11-06 16:32 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2012-11-06 16:32 - 2012-08-31 15:03 - 00373760 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:54:24.668]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:54:24.668]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:54:24.667]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:50:24.647]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:50:24.647]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:50:24.646]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:48:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:48:24.634]: [00004904]:    Don't Create FileMapping!!!!


System errors:
=============
Error: (03/27/2014 11:08:59 AM) (Source: DCOM) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}

Error: (03/27/2014 06:16:39 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/26/2014 04:49:59 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (03/26/2014 03:02:18 PM) (Source: DCOM) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}

Error: (03/26/2014 00:46:21 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/26/2014 00:11:59 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/26/2014 01:02:43 AM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (03/26/2014 00:53:37 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/26/2014 00:49:02 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/25/2014 03:04:01 PM) (Source: DCOM) (User: proworx-PC)
Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}proworx-PCJudithS-1-5-21-768405528-1706932147-445367486-1003LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:54:24.668]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:54:24.668]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:54:24.667]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:50:24.647]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:50:24.647]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:50:24.646]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:48:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:48:24.634]: [00004904]:    Don't Create FileMapping!!!!


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 6127.49 MB
Available physical RAM: 4231.35 MB
Total Pagefile: 12253.16 MB
Available Pagefile: 9224.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.97 GB) (Free:230.43 GB) NTFS
Drive d: (Video-Training) (CDROM) (Total:5.4 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:0.99 GB) (Free:0.98 GB) FAT
Drive s: (Fotos) (Network) (Total:3692.27 GB) (Free:1888.16 GB) NTFS
Drive u: (Dokumente) (Network) (Total:3692.27 GB) (Free:1888.16 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Weiter im nächsten Post ...

Eleve · 27.03.2014, 22:12

Und weiter gehts:

GMER:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-27 18:27:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Barbara\AppData\Local\Temp\uxtiyfob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                        fffff800035f8000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545                                                                                        fffff800035f8011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\wininit.exe[644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\services.exe[704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\system32\winlogon.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\atiesrxx.exe[140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\afwServ.exe[1496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             000000007521a2ba 1 byte [62]
.text     C:\Windows\System32\spoolsv.exe[1868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[2008] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  000000007521a2ba 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                 000000007521a2ba 1 byte [62]
.text     C:\DeltaCopy\DCServce.exe[2188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                     000000007521a2ba 1 byte [62]
.text     C:\DeltaCopy\rsync.exe[2236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                        000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe[2260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                       000000007521a2ba 1 byte [62]
.text     C:\Windows\system32\svchost.exe[2288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files\Lupinho.Net\HardlinkBackup\HardlinkBackup.Service.exe[2404] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                        000000007718eecd 1 byte [62]
.text     C:\Windows\system32\taskhost.exe[2544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                              000000007718eecd 1 byte [62]
.text     C:\Windows\system32\inetsrv\inetinfo.exe[2920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      000000007718eecd 1 byte [62]
.text     C:\Windows\Explorer.EXE[3000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                       000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                            000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076cf1465 2 bytes [CF, 76]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         0000000076cf14bb 2 bytes [CF, 76]
.text     ...                                                                                                                                                       * 2
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2812] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[3096] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                     000000007521a2ba 1 byte [62]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe[3464] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112           000000007521a2ba 1 byte [62]
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000076cf1465 2 bytes [CF, 76]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000076cf14bb 2 bytes [CF, 76]
.text     ...                                                                                                                                                       * 2
.text     C:\Program Files\Lupinho.Net\HardlinkBackup\HardlinkBackupTray.exe[3628] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                            000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe[3796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076cf1465 2 bytes [CF, 76]
.text     C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           0000000076cf14bb 2 bytes [CF, 76]
.text     ...                                                                                                                                                       * 2
.text     C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe[3844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                      000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    000000007521a2ba 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[3236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[3296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[4516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                 000000007521a2ba 1 byte [62]
.text     C:\Windows\system32\svchost.exe[4608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[4908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                000000007521a2ba 1 byte [62]
?         C:\Windows\system32\mssprxy.dll [4984] entry point in ".rdata" section                                                                                    00000000622e71e6
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112        000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076cf1465 2 bytes [CF, 76]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     0000000076cf14bb 2 bytes [CF, 76]
.text     ...                                                                                                                                                       * 2
.text     C:\Windows\system32\SearchIndexer.exe[5264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                         000000007718eecd 1 byte [62]
.text     C:\Program Files\iPod\bin\iPodService.exe[6096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                     000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[6728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe[1392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112             000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                000000007521a2ba 1 byte [62]
.text     C:\Windows\system32\AUDIODG.EXE[6164] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Users\proworx\Desktop\Gmer-19357.exe[4092] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                       000000007521a2ba 1 byte [62]

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [6028:3348]                                                                                                               000007fee4a49688

---- EOF - GMER 2.1 ----

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 26.03.2014
Scan Time: 00:42:50
Logfile: Malwarebytes_log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.09
Rootkit Database: v2014.03.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Barbara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 473223
Time Elapsed: 26 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [a9d458af7ffc24127cf76ef3a260ab55], 

Registry Values: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapdoOCYB, Quarantined, [a9d458af7ffc24127cf76ef3a260ab55]

Registry Data: 9
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[4c31ed1a3744c274eba78182709418e8]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[a5d8798e83f8c373830e50b3788c8977]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[f28b16f1750604322470e122c4406e92]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[592416f1126977bf266f847f040044bc]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[314c996e6c0fdf572b6790733fc51be5]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013),Replaced,[e39abe49fe7d12242370fb08a95b857b]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[e994df28166571c59ff207fc8a7ac53b]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[57263acd4d2e082e1a7a08fbd92b52ae]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[afce7790502b83b3dbba0003c63e629e]

Folders: 19
PUP.Optional.OpenCandy, C:\Users\Barbara\AppData\Roaming\OpenCandy, Quarantined, [631a42c5f88395a19d806ede09f9639d], 
PUP.Optional.OpenCandy, C:\Users\Barbara\AppData\Roaming\OpenCandy\B4C79BD4279644F4A0111551124D3A10, Quarantined, [631a42c5f88395a19d806ede09f9639d], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\FE30E2B520264DF8B6D59FEB193B05D1, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales\en, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales\es, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 

Files: 96
PUP.Optional.Linkury.A, C:\Users\Barbara\AppData\Roaming\OpenCandy\B4C79BD4279644F4A0111551124D3A10\Installer.exe, Quarantined, [6914c2453f3c6acc80a41cbebd46f10f], 
PUP.Optional.OpenCandy, C:\Users\proworx\Downloads\FreeFileSync_5.8_setup.exe, Quarantined, [681552b57605f244f62759ceb84c5ba5], 
PUP.Optional.WebSearch.A, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\ao5y6bz5.default\searchplugins\Web Search.xml, Quarantined, [6a134abdea91b086c77284d325ddd030], 
PUP.Optional.WebSearch.A, C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\aaqcgp11.default\searchplugins\Web Search.xml, Quarantined, [7c01ea1d8eed3df9a2978bcc877b847c], 
PUP.Optional.WebSearch.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\65yiqvla.default\searchplugins\Web Search.xml, Quarantined, [4f2ebf48a1da7bbbc9707cdb52b0619f], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A\3975.ico, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A\EBB77268-338F-4C6A-8590-AD88FED26F4A, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A\OCBrowserHelper_1.0.3.85.dll, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A\setup_759.exe, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\FE30E2B520264DF8B6D59FEB193B05D1\TuneUpUtilities2013_2200213_de-DE.exe, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\chLogic.exe, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\CT3244149.txt, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\dtime.csf, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\initData.json, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\manifest.json, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\statisticsStub.exe, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.html, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\manifest.json, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.htm, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.html, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.html, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS\border.css, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fb.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fblike.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\gmail.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\google.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\googleplus.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\left.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\mgsplusvideo.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\pinit.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\right.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\searchBox.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\twitter.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\BackPageRemove.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\defaultBlockList.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\documentEvents.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\externalJS.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\FBImagePreview.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\InternalJS.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\jquery-1.9.0.min.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\PluginWrapper.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\publisherDefinitions.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\tabReload.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\TopFrameJS.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\homePage.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\SnapDo.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\SnapDo128.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\SnapDo16.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\SnapDo48.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\manifest.json, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\ajax.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\background.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\common.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\content.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\notifier.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\notify.css, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\back.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\bitty.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\close.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\logo-sm.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\logo.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales\en\messages.json, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales\es\messages.json, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.Snapdo.A, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\ao5y6bz5.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013");), Replaced,[59240403eb9081b5706c59d454b022de]
PUP.Optional.Snapdo.A, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\ao5y6bz5.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&installDate=27/12/2013&q=");), Replaced,[720b92754338bf778755a08d1ce8d729]
PUP.Optional.Snapdo.A, C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\aaqcgp11.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013");), Replaced,[88f5d334651688aea53756d722e2ed13]
PUP.Optional.Snapdo.A, C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\aaqcgp11.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&installDate=27/12/2013&q=");), Replaced,[3746b750304b42f42ab2d459fa0ad32d]
PUP.Optional.Snapdo.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\65yiqvla.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013");), Replaced,[7b0250b73447a294716b0924f11343bd]
PUP.Optional.Snapdo.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\65yiqvla.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&installDate=27/12/2013&q=");), Replaced,[dca1b255e19ada5cf9e3959861a302fe]
PUP.Optional.Snapdo.A, C:\Users\proworx\AppData\Roaming\Mozilla\Firefox\Profiles\vsts9pc7.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=nt&installDate=27/12/2013");), Replaced,[671638cfbcbf95a1528a51dca26220e0]
PUP.Optional.Snapdo.A, C:\Users\proworx\AppData\Roaming\Mozilla\Firefox\Profiles\vsts9pc7.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&installDate=27/12/2013&q=");), Replaced,[3d4032d58bf0ed499745220b39cbff01]

Physical Sectors: 0
(No malicious items detected)


(end)

AdwCleaner 1.Mal:

Code:

ATTFilter

# AdwCleaner v3.022 - Bericht erstellt am 26/03/2014 um 12:43:08
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Barbara - PROWORX-PC
# Gestartet von : C:\Users\Barbara\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\FreeRIP
Ordner Gelöscht : C:\Program Files (x86)\software4u
Ordner Gelöscht : C:\Users\proworx\AppData\Local\apn
Ordner Gelöscht : C:\Users\proworx\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\proworx\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\proworx\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\proworx\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Barbara\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gelöscht : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
[!] Ordner Gelöscht : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
[!] Ordner Gelöscht : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Datei Gelöscht : \END

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Judith\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

[ Datei : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

[ Datei : C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

[ Datei : C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

*************************

AdwCleaner[R0].txt - [5285 octets] - [26/03/2014 12:32:45]
AdwCleaner[S0].txt - [4690 octets] - [26/03/2014 12:43:08]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4750 octets] ##########

AdwCleaner 2.Mal:

Code:

ATTFilter

# AdwCleaner v3.022 - Bericht erstellt am 26/03/2014 um 12:32:45
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Barbara - PROWORX-PC
# Gestartet von : C:\Users\Barbara\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : \END
Ordner Gefunden : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gefunden : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gefunden : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gefunden : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gefunden C:\Program Files (x86)\FreeRIP
Ordner Gefunden C:\Program Files (x86)\software4u
Ordner Gefunden C:\Users\Barbara\AppData\Roaming\software4u
Ordner Gefunden C:\Users\proworx\AppData\Local\apn
Ordner Gefunden C:\Users\proworx\AppData\Local\PackageAware
Ordner Gefunden C:\Users\proworx\AppData\Local\Temp\AskSearch
Ordner Gefunden C:\Users\proworx\AppData\Local\Temp\boost_interprocess
Ordner Gefunden C:\Users\proworx\AppData\LocalLow\Conduit

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Judith\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword

[ Datei : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword

[ Datei : C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword

[ Datei : C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword

*************************

AdwCleaner[R0].txt - [5135 octets] - [26/03/2014 12:32:45]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [5195 octets] ##########

So, ich hoffe, du hast nun alles, was du brauchst!

Liebe Grüße

Barbara

sunjojo · 28.03.2014, 17:42

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Barbara\AppData\Roaming\PLGComp.ini
C:\Users\proworx\AppData\Roaming\PLGComp.ini
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Hast du noch Probleme mit irgendwelchen veränderten Startseiten, Suchseiten oder ständigen Popus/Werbungen (wenn ja, in welchem Browser)?

Gibt es noch weitere Probleme mit dem Rechner (z.B. die Abstürze, wenn ja, wie häufig kommen diese vor? Wie ist die Performance von deinem Rechner, immernoch langsam oder besser?

Eleve · 31.03.2014, 11:03

Hallo Jonas,

Entschuldige bitte die späte Rückmeldung - am Wochenende geht es bei uns gerne rund und ich komme nicht zum Computer.

Ich wollte gerade die Anleitung von dir in Ruhe durchgehen, vorher wollte ich noch ein paar Dinge erledigen und musste dazu ins Internet - Firmenwebseiten wg. Telefonnummern aufrufen. Plötzlich bekomme ich folgende Meldung von Firefox:

Server Error in '/' Application.
Cannot open database "mediamanager" requested by the login. The login failed. Login failed for user 'aspnet'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Cannot open database "mediamanager" requested by the login. The login failed. Login failed for user 'aspnet'.

Source Error:

Line 2: <%@ Import NameSpace="MMDelivery" %><%
Line 3:
Line 4: using(Delivery delivery = Delivery.Current)
Line 5: {
Line 6: switch(delivery.OutCome)

Source File: D:\websites\mmdelivery\Default.aspx Line: 4

Stack Trace:

[SqlException: Cannot open database "mediamanager" requested by the login. The login failed.
Login failed for user 'aspnet'.]
System.Data.SqlClient.ConnectionPool.GetConnection(Boolean& isInTransaction) +552
System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnectionString options, Boolean& isInTransaction) +372
System.Data.SqlClient.SqlConnection.Open() +384
MMDelivery.SqlHelper.PrepareCommand(SqlCommand command, SqlConnection connection, SqlTransaction transaction, CommandType commandType, String commandText, SqlParameter[] commandParameters, Boolean& mustCloseConnection) +73
MMDelivery.SqlHelper.ExecuteReader(SqlConnection connection, SqlTransaction transaction, CommandType commandType, String commandText, SqlParameter[] commandParameters, SqlConnectionOwnership connectionOwnership) +384
MMDelivery.Delivery.LoadClip(Guid gClipId, Boolean isSyndicated) +1205
MMDelivery.DeliveryStream..ctor() +100
MMDelivery.Delivery.get_Current() +204
ASP.Default_aspx.__Render__control1(HtmlTextWriter __output, Control parameterContainer) in D:\websites\mmdelivery\Default.aspx:4
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +27
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
System.Web.UI.Page.ProcessRequestMain() +1926

Version Information: Microsoft .NET Framework Version:1.1.4322.2407; ASP.NET Version:1.1.4322.2407

Wie du ja weißt, gibt es bei mir eigentlich keinen User "aspnet" ...

Soll ich deine Anordnungen noch ausführen oder hat sich die Situation wesentlich geändert?

Vielen Dank nochmals!

Barbara

sunjojo · 31.03.2014, 18:02

Zitat:

Soll ich deine Anordnungen noch ausführen oder hat sich die Situation wesentlich geändert?

Nein, das sieht nach einem Problem von dem Server aus und liegt nicht an deinem Computer. Bitte den schon geposteten Schritt ausführen und noch folgende Schritte gleich hinterher

:

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 2
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Hast du noch Probleme mit irgendwelchen veränderten Startseiten, Suchseiten oder ständigen Popus/Werbungen (wenn ja, in welchem Browser)? Gibt es noch weitere Probleme mit dem Rechner?

Poste folgende Logfiles in deiner nächsten Antwort:

ESET-Scan
FRST-Scan

Eleve · 31.03.2014, 18:13

Gut, ich lege gleich los.

Eine Frage aber noch: ich habe genau genommen einen ganzen Haufen Speichermedien, jedenfalls mehr, als ich während des Scans anschließen kann. Wie soll ich da verfahren?

sunjojo · 31.03.2014, 18:18

Zitat:

Eine Frage aber noch: ich habe genau genommen einen ganzen Haufen Speichermedien, jedenfalls mehr, als ich während des Scans anschließen kann. Wie soll ich da verfahren?

Ich würde die Speichermedien nehmen, die du am häufigsten verwendest, bzw. überhaupt an den Computer angeschlossen hattest, z.B. externe Festplatten für Backups oder den USB-Stick, den du regelmäßig an deinen Rechner anschließt um Daten zu übertragen, ...

Eleve · 31.03.2014, 18:34

Naja, auch das sind leider 2 USB-Sticks und drei externe Festplatten (in Summe habe ich mehr, die Fotos ... und das Vater-Großvater-Sohn-Prinzip der Sicherung ...) und ich habe nur 3 USB-Buchsen zur Verfügung. Kann ich den Scan mehrmals machen, sodass mir auch keine Festplatte durch die Lappen geht?

Und: ich habe eine NAS dranhängen, ist die auch zu scannen (und wie mach ich das dann?)

DAAANKE!

sunjojo · 31.03.2014, 18:55

Zitat:

Kann ich den Scan mehrmals machen, sodass mir auch keine Festplatte durch die Lappen geht?

Kannst du machen, wenn du willst

.

Zitat:

Und: ich habe eine NAS dranhängen, ist die auch zu scannen (und wie mach ich das dann?)

Ich glaube, ESET scannt auch deinen NAS mit, aber ganz sicher bin ich mir nicht. Jedoch kann dann natürlich der Scan mit mehreren externen Festplatten und und einem NAS seeeehr lange dauern, also solltest du dir überlegen, ob du den Scan für die übrig gebliebenen Festplatten wiederholen möchtest. Alternativ würde ich dir empfehlen, die Wechselmedien, die du nicht angängen konntest, direkt (also nur die Wechselmedien und nicht nochmal den gesamten Computer) mit Avast zu scannen.

Eleve · 31.03.2014, 19:00

Hier noch die Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by proworx at 2014-03-31 19:47:33 Run:1
Running from C:\Users\proworx\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Barbara\AppData\Roaming\PLGComp.ini
C:\Users\proworx\AppData\Roaming\PLGComp.ini
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
         
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Error deleting key
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Policies\Google => Error deleting key
Could not move "C:\Users\Barbara\AppData\Roaming\PLGComp.ini" => Scheduled to move on reboot.
C:\Users\proworx\AppData\Roaming\PLGComp.ini => Moved successfully.
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.
"C:\ProgramData\TEMP" => ":8C35AEA7" ADS not found.

sunjojo · 31.03.2014, 19:03

Du hast FRST nicht als Administrator gestartet, bitte den Fix nochmal als Administrator wiederholen und später den FRST Scan auch als Administrator ausführen

.

Eleve · 31.03.2014, 19:48

Sorry, auf den Administrator habe ich gar nicht geachtet ...

Und deine Antwort habe ich zuerst auch nicht gesehen, da der Thread damit länger als eine Seite wurde (ich habe sozusagen nicht umgeblättert ...).

Also: zunächst einmal den Fix als Administrator:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Barbara at 2014-03-31 20:42:50 Run:2
Running from C:\Users\proworx\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Barbara\AppData\Roaming\PLGComp.ini
C:\Users\proworx\AppData\Roaming\PLGComp.ini
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
         
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\Barbara\AppData\Roaming\PLGComp.ini" => File/Directory not found.
"C:\Users\proworx\AppData\Roaming\PLGComp.ini" => File/Directory not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":8C35AEA7" ADS removed successfully.

==== End of Fixlog ====

sunjojo · 31.03.2014, 20:00

Zitat:

Also: zunächst einmal den Fix als Administrator:

Alles klar, wir machen dann weiter, wenn du mit ESET fertig bist und das neue FRST Logfile hast (nicht vergessen, den Scan als Administrator auszuführen

).

31.03.2014, 19:03	#13
sunjojo /// Malwareteam	Win 7: Snapdo, plötzliches System-Shutdown Du hast FRST nicht als Administrator gestartet, bitte den Fix nochmal als Administrator wiederholen und später den FRST Scan auch als Administrator ausführen . __________________ Gruß, Jonas

Win 7: Snapdo, plötzliches System-Shutdown

Log-Analyse und Auswertung: Win 7: Snapdo, plötzliches System-Shutdown