Log analysis and evaluation: Friend Checker, Conduit Search, strange browser behaviour (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.04.2014, 22:35 | #1 |
Friend Checker, Conduit Search, strange browser behaviour

Hello, for several weeks now (I cannot recall when it started) I have been getting pop-ups from FriendChecker on roughly every fifth page in Firefox. The best part: they now play sound as well and are personalised throughout (REWE, Mozilla survey etc.). In addition, I wanted to uninstall software called Conduit Search and websteroids, but I did not fully succeed. Reinstalling Firefox did not help, because I carried over the user data completely. When I search for how to remove FriendChecker, Google today shows me many pages that offer anti-spam software but are obviously auto-translated English pages. I do not trust them.

Remove FriendsChecker.com pop-up infection in simple steps ~ Remove the latest malware and spyware
FriendsChecker removal guide

Questions:
1. How did this get onto my machine?
2. How does it learn my interests and personalise the advertising?
3. Is the claim on the English pages mentioned above true, that the program steals passwords? How dangerous is it? Does it install programs without control?
4. What else should I do, since mbam found quite a lot? I would like to reset my system soon, but if I carry over the uncleaned user data (settings, files, desktop etc.) I am afraid of dragging an infection along.
5. How do I deal with the malware found in my backups? Do I have to fear undetectable infections of my own files?

With thanks and regards, Andreas awk

P.S.: I installed the AVG Secure Search and SNIP! plugins deliberately, and the Preisfinder as well. Is there anything bad about them? Because of them the lists are quite long, and it is hard for me to see what has to go.
17.04.2014, 09:15 | #2 |
/// the machine /// TB instructor | Friend Checker, Conduit Search, strange browser behaviour

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks.

This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
23.04.2014, 22:12 | #3 |
Friend Checker, Conduit Search, strange browser behaviour

Hello and thanks!

Unfortunately I am having problems with FRST. It starts as admin, but nothing happens. The first message stays up forever and the window cannot be closed, only via Task Manager. I do not use any virus scanner or the like; KiSi 2014 is switched off, but possibly still has a restricting effect on command-line execution. Windows Total Protection Tool is on. I will test Farbar's again via USB stick at boot.

Regards, AWK

Results of the other scanners:

ESET: Code:
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe a variant of MSIL/Adware.PullUpdate.A application
C:\ProgramData\Updater\Uninstall.exe a variant of MSIL/Adware.PullUpdate.A application
C:\Sandbox\Andreas\DefaultBox\user\all\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Sandbox\Andreas\DefaultBox\user\all\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Sandbox\Andreas\DefaultBox\user\current\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application
C:\Sandbox\Andreas\DefaultBox\user\current\AppData\Local\Temp\YontooLayers\background.html JS/Adware.Yontoo.B application
C:\Sandbox\Andreas\DefaultBox\user\current\AppData\Local\Temp\YontooLayers\yl.js JS/Adware.Yontoo.A application
C:\Users\All Users\InternetUpdater\InternetUpdaterService.exe a variant of MSIL/Adware.PullUpdate.A application
C:\Users\All Users\Updater\Uninstall.exe a variant of MSIL/Adware.PullUpdate.A application
C:\Users\Andreas\AppData\Local\Temp\sdDfLhN1.exe.part Win32/Adware.1ClickDownload.AM application
C:\Users\Andreas\AppData\Local\Temp\tbsTMP.exe multiple threats
C:\Users\Andreas\AppData\Local\Temp\{E66453AB-7A72-489F-93FA-459B0E04AC0C}\setup.exe multiple threats
C:\Users\Andreas\Downloads\kleine_haie_1080bps.mp4.exe Win32/Adware.MediaFinder.B application
C:\Users\Andreas\Local Settings\Temp\sdDfLhN1.exe.part Win32/Adware.1ClickDownload.AM application
C:\Users\Andreas\Local Settings\Temp\tbsTMP.exe multiple threats
C:\Users\Andreas\Local Settings\Temp\{E66453AB-7A72-489F-93FA-459B0E04AC0C}\setup.exe multiple threats

Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 16.04.2014 Scan Time: 23:27:40 Logfile: 2014-04-16 mbam log.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.04.16.10 Rootkit Database: v2014.03.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Andreas Scan Type: Threat Scan Result: Completed Objects Scanned: 393676 Time Elapsed: 26 min, 18 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.InternetUpdaterService.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, 2088, , [17f3c06bee8ddf57ec7d2f1b98692ed2] Modules: 0 (No malicious items detected) Registry Keys: 12 PUP.Optional.InternetUpdaterService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\InternetUpdater, , [17f3c06bee8ddf57ec7d2f1b98692ed2], PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [3fcbbf6c473440f672eac4529a6822de], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [ad5d73b8c9b256e082a8d244738fde22], PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], 
PUP.Optional.MoodTube.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, , [cb3f34f7c8b32610ea8c11031ee4c739], PUP.Optional.InternetUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\InternetUpdater, , [cf3b07240d6edd59e398cfae51b19070], PUP.Optional.Websteroids.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Websteroids, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, , [f91152d92c4f8aac6f82d5be946fbd43], PUP.Optional.Softonic.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [c44644e76417b482c41ef377a85a8779], PUP.Optional.SweetIM.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [a36731fa9ae18ea826ca97fc1de644bc], Registry Values: 8 PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 1590556208227549183, , [f91152d92c4f8aac6f82d5be946fbd43] PUP.Optional.InternetUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INTERNETUPDATER|ImagePath, "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe", , [7595be6d9fdcef47b4c804799e648878] Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62] Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\Updater.exe, , [a8623dee3249b086f9cb217e996a9e62] Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62] Trojan.Agent, 
HKU\S-1-5-21-1624768357-4126066135-592724133-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62] Trojan.Agent, HKU\S-1-5-21-1624768357-4126066135-592724133-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62] PUP.Optional.SweetIM.A, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1590556208227549183, , [a36731fa9ae18ea826ca97fc1de644bc] Registry Data: 2 Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),,[c7439a91e59655e19c0de43f44c030d0] PUM.Hijack.CMDPrompt, HKU\S-1-5-21-1624768357-4126066135-592724133-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD, 1, Good: (0), Bad: (1),,[fe0ca289ea91ad891ad12af6ff0506fa] Folders: 16 PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater, , [cf3b07240d6edd59e398cfae51b19070], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome\content, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\IE, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\CT3323737, , 
[0a00f833f5866ec817bcaab37e84d62a], PUP.Optional.Searchagent, C:\ProgramData\RHelpers, , [bb4f2902d5a61d1916881b43936fea16], PUP.Optional.Searchagent, C:\ProgramData\RHelpers\ChromeHelper, , [bb4f2902d5a61d1916881b43936fea16], PUP.Optional.Searchagent, C:\ProgramData\RHelpers\FirefoxHelper, , [bb4f2902d5a61d1916881b43936fea16], PUP.Optional.Searchagent, C:\ProgramData\RHelpers\IeHelper, , [bb4f2902d5a61d1916881b43936fea16], PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com, , [e624e6450b70be7846514e158e74a15f], PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome, , [e624e6450b70be7846514e158e74a15f], PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome\content, , [e624e6450b70be7846514e158e74a15f], Files: 69 PUP.Optional.InternetUpdaterService.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, , [17f3c06bee8ddf57ec7d2f1b98692ed2], PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe, , [11f9e74476052e0848e184b8f40c6b95], PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe, , [8d7d79b227543df9f7321c20ff018977], PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\IeHelper\IeHelper.exe, , [6f9b56d5d1aa4cea76b31824996730d0], PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsgE9FB.exe, , [b05a6bc0ed8e1521e01b849f3ec350b0], PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsrA119.exe, , [0208d754f78437ffb5461013ca3757a9], PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nst63AB.exe, , [b951fa315f1c74c2db204dd66c956997], PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsw9B1F.exe, , [65a5a685a9d2d363b54652d1ab569769], PUP.Optional.SearchProtect.A, 
C:\Users\Andreas\AppData\Local\Temp\nswEE50.exe, , [d931e942bdbe58de92696cb7857c20e0], PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\SPSetup.exe, , [56b4de4d5d1edf574d9d0e0aa061d030], PUP.Optional.AdLyrics, C:\Users\Andreas\AppData\Local\Temp\tbsTMP.exe, , [7199c06b047747ef380cb35842bfe41c], PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsb96F9.exe, , [9476b97282f968ce4fac7fa48f7206fa], PUP.Optional.SearchProtect.A, C:\Users\Andreas\AppData\Local\Temp\nsbF218.exe, , [fd0d0229730867cf8f6c061d60a1f50b], PUP.Optional.Somoto.A, C:\Users\Andreas\AppData\Local\Temp\HWzKBmCC.exe.part, , [e12962c9c8b376c0070096a207f93bc5], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaA3A2.exe, , [33d742e983f8d95d38c327fc06fba060], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaC9B9.exe, , [0bff86a595e6013550abe24129d8da26], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsb568.exe, , [51b9f6357506db5bad4ea87bf011cb35], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsdA26B.exe, , [957533f81e5d89adcb30ed369b66ed13], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst59E8.exe, , [14f6f03b6516c3738f6c37eca0619868], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstC009.exe, , [a06aae7d5e1d043240bbda49a35eab55], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv263A.exe, , [07032dfe8af17abce91277acc23f5fa1], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv9EF1.exe, , [7595ca618cef5bdb55a6be655da44fb1], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsvA113.exe, , [f31757d4e29947efb14ae04322df936d], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsvCCF4.exe, , [a367b7745526f541d2298b98e51c9070], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz6CCF.exe, , [18f2939857241125b84326fdf011956b], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg3212.exe, , [da300625324948eeac4fa57ec14008f8], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg8BEF.exe, , [a466fa31e09ba393d922de45d03160a0], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsgB565.exe, , 
[b65434f7d1aa0f2713e86bb80af79b65], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk743F.exe, , [9f6b0328205b41f54caff231f20fb54b], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk9A20.exe, , [9278b17a72092610639867bce918c53b], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nskA8C7.exe, , [08022506ff7c72c435c6111234cd8977], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl3608.exe, , [ac5e8c9f760541f575861d06fc05ed13], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nso5DBF.exe, , [47c31c0fec8f64d2d62535ee9f6248b8], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nspA934.exe, , [9476d457176474c23dbe9e85837ea45c], PUP.Optional.Bundlore, C:\Users\Andreas\Downloads\setup (1).exe, , [8a80270447347bbbb0969e83ba46de22], PUP.Adware.Agent, C:\Users\Andreas\Downloads\kleine_haie_1080bps.mp4.exe, , [45c513184734c86e336237d00df304fc], PUP.Optional.InstallIQ.A, C:\Users\Andreas\Downloads\frzfonts.exe, , [37d374b70d6ea393578265abf40dd927], PUP.Optional.OpenCandy, C:\Users\Andreas\Downloads\MyPhoneExplorer_Setup_1.8.4.exe, , [4ac0bc6f12696acc91ef0f3a33d112ee], PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdater.ico, , [cf3b07240d6edd59e398cfae51b19070], PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\app.dat, , [cf3b07240d6edd59e398cfae51b19070], PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\data.dat, , [cf3b07240d6edd59e398cfae51b19070], PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config, , [cf3b07240d6edd59e398cfae51b19070], PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\Uninstall.exe, , [cf3b07240d6edd59e398cfae51b19070], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\app.dat, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Uninstall.exe, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Websteroids.ico, , [5cae161592e9eb4b36593c42d32fa45c], 
PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\common.crx, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\announce.js, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\background.html, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\common.js, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\contentscript.js, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon.png, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon128.png, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon16.png, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\icon48.png, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\iframecontentscript.js, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Chrome\unzip\manifest.json, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome.manifest, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\install.rdf, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome\content\main.js, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\Firefox\chrome\content\overlay.xul, , [5cae161592e9eb4b36593c42d32fa45c], PUP.Optional.Websteroids.A, C:\ProgramData\Websteroids\IE\common.dll, , [5cae161592e9eb4b36593c42d32fa45c], Worm.AutoIT, C:\Win\names.txt, , [d33746e58dee87afac7809b89d658c74], Trojan.Agent, 
C:\ProgramData\Updater\updater.exe, , [a8623dee3249b086f9cb217e996a9e62], PUP.Optional.Conduit.A, C:\Users\Andreas\AppData\Local\Temp\CT3323737\ddt.csf, , [0a00f833f5866ec817bcaab37e84d62a], PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome.manifest, , [e624e6450b70be7846514e158e74a15f], PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\install.rdf, , [e624e6450b70be7846514e158e74a15f], PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome\content\main.js, , [e624e6450b70be7846514e158e74a15f], PUP.Optional.Websteroids.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qccujxhm.default\extensions\support@websteroidsapp.com\chrome\content\overlay.xul, , [e624e6450b70be7846514e158e74a15f], Physical Sectors: 0 (No malicious items detected) (end) Code:
24.04.2014, 12:45 | #4 |
/// the machine /// TB trainer | Friend Checker, Conduit Search, strange browser behavior Delete FRST and download it again, to the desktop, then run it from there.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.04.2014, 22:44 | #5 |
| Friend Checker, Conduit Search, strange browser behavior Thanks. FRST is running now; the solution was: it does not work if DOS input is blocked, e.g. by a protection program. I had asked 4 more questions. Since this is apparently "only" a malicious add-on/adware, I am putting my fear of contamination aside. My question remains open whether a clean backup of the browsers will become possible again. I would need this for reinstalling the computer (of all 4 browsers - yes, yes, complicated, but each one is simply good at something different) With thanks and regards awk PS: WHAT did I catch all this from??? Here are the logs: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014 Ran by Andreas (administrator) on ANDREAS-PC on 27-04-2014 22:16:30 Running from C:\Users\Andreas\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Salfeld Computer) C:\Windows\tray\wintmr.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (SANDBOXIE L.T.D) C:\Users\Andreas\SYSTEMprogramme\SbieCtrl.exe (Google Inc.) C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe (Dominik Reichl) C:\Program Files\KeePass Password Safe\KeePass.exe () C:\Program Files\Ditto\Ditto.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\system32\cmd.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Microsoft Corporation) C:\Windows\system32\taskmgr.exe (Salfeld Computer) C:\Program Files\Salfeld\Kisi\kisiset.exe (Salfeld Computer) C:\Windows\system32\cc32\webtmr.exe (Mozilla Foundation) C:\Program Files\Mozilla Thunderbird\crashreporter.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1640504 2009-08-20] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [MVS Splash] => C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-04] (ActivIdentity) HKLM\...\Run: [] => [X] HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-04] (ActivIdentity) HKLM\...\Run: [File Sanitizer] => c:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11258368 2009-07-15] (Hewlett-Packard) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-10] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-05] (IDT, Inc.) 
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe" HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ChicoSys] => C:\Windows\system32\cc32\webtmr.exe [6484352 2009-07-14] (Salfeld Computer) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [486264 2013-12-19] (Updater) HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited) HKLM\...\Policies\Explorer: [NoAutorun] 1 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\.DEFAULT\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [6864256 2009-07-14] (Salfeld Computer) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-08-13] (Hewlett-Packard) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [SandboxieControl] => C:\Users\Andreas\SYSTEMprogramme\SbieCtrl.exe [442640 2011-11-23] (SANDBOXIE L.T.D) 
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Google Update] => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-01] (Google Inc.) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [KeePass Password Safe] => C:\Program Files\KeePass Password Safe\KeePass.exe [2117632 2014-04-06] (Dominik Reichl) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [PC Suite Tray] => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1350144 2012-01-03] () HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [6864256 2009-07-14] (Salfeld Computer) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [486264 2013-12-19] (Updater) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\system: [DisableClock] 1 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {5b5d81a5-8e33-11e1-902b-0009dd5029c9} - D:\Install.exe HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {91848a7a-159c-11e2-934a-705ab697ae61} - D:\setup.exe -a HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {a4f2663e-f5ae-11e2-963e-705ab697ae61} - G:\LGAutoRun.exe HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [HPADVISOR] => 
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-08-13] (Hewlett-Packard) HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [CCWinTray] => C:\windows\tray\wintmr.exe [6864256 2009-07-14] (Salfeld Computer) HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [486264 2013-12-19] (Updater) HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-13] (Adobe Systems Incorporated) HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\system: [DisableClock] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1004\...\Policies\Explorer: [RestrictRun] 0 Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_DE&c=92&bd=all&pf=cmnb HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP24D0FC69-CA1C-434F-83A3-000B2DD50441&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP24D0FC69-CA1C-434F-83A3-000B2DD50441&q={searchTerms}&SSPV= SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {742E88D5-9010-46AA-AC14-40BADE3E90B8} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {91343ACB-EAA6-4986-A05A-36A9DE6932D8} URL = 
hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={AA84BBDD-C5EB-42FB-9AE5-F26FF3EC83F4}&mid=ef0ba35e35954242925b6c8602ac96fb-42c36a3c1954536467068e2918f4380efc067446&lang=de&ds=wa011&pr=&d=2012-10-22 23:38:44&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {997329D0-5E79-4A8B-878A-8713D269A659} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {C4BA47D3-A495-4814-8EE6-FE7C750E03B2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {C6CA7969-6616-494A-B8C9-403353196BE3} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) 
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: OpenLastClosedTab.LastClosedTab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll No File Toolbar: HKLM - &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Program Files\TOOLS\Linkman\LinkmanCom.dll (Outertech) Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows 
Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.335.dll (McAfee, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default FF NewTab: hxxp://www.google.com/firefox FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com/firefox FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-XChange\PDF XChange Lite\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-XChange\PDF XChange Lite\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andreas\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andreas\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll () FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\bidvoynet-de.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\duckduckgo-1.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\eBay-de.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\google-video.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\idealode.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\mailcom-search.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\medikamentade.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\people-search.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\testberichtede.xml FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\youtube-ssl.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF 
SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: QuickFox Notes - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\amin.eft_bmnotes@gmail.com [2013-11-26] FF Extension: bug682944 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\bug682944@alice0775 [2012-05-18] FF Extension: Pocket - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\isreaditlater@ideashower.com [2013-06-29] FF Extension: KeeFox - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\keefox@chris.tomlinson [2014-03-22] FF Extension: Rain Alarm Extension - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\rain-alarm@mdiener.de [2014-03-25] FF Extension: screen-reader-simulator - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\screen-reader-simulator@gaiamobile.org [2014-04-24] FF Extension: Websteroids - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\support@websteroidsapp.com [2014-04-23] FF Extension: AddThis - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2012-10-02] FF Extension: WOT - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26] FF Extension: Snip It! 
Button for eBay - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{aab35b56-0206-4472-9993-9cb5c09bb722} [2012-09-30] FF Extension: DownloadHelper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: Evernote Web Clipper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-22] FF Extension: billiger.de Sparberater - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\ciuvo-extension@billiger.de.xpi [2013-04-25] FF Extension: Firebug - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-28] FF Extension: Email This! Bookmarklet Extension - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\gmailthis@lazyrussian.com.xpi [2011-09-13] FF Extension: DuckDuckGo Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-04-16] FF Extension: Lazarus: Form Recovery - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\lazarus@interclue.com.xpi [2011-12-14] FF Extension: People Lookup - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\mail@sayemislam.com.xpi [2012-01-30] FF Extension: Clearly - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\readable@evernote.com.xpi [2013-05-29] FF Extension: Save Session - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\savesession@noasobi.net.xpi [2011-11-25] FF Extension: ScrapBook Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\scrapbookplus@addons.mozilla.org.xpi [2011-09-13] FF Extension: 如意淘:同款比价,价格曲线,降价提醒 - 
C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\shoppingassist@ookong.com.xpi [2012-03-12] FF Extension: Stealthy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\stealthyextension@gmail.com.xpi [2011-12-08] FF Extension: WEB.DE MailCheck - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\toolbar@web.de.xpi [2012-01-04] FF Extension: WikiLook - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\wikilook@testpilot.xpi [2013-04-16] FF Extension: YouTube to MP3 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-10-17] FF Extension: All-in-One Sidebar - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2011-09-12] FF Extension: Session Manager - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012-04-28] FF Extension: Webutation - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2014-04-23] FF Extension: FlashGot - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-19] FF Extension: Unhide Passwords - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2011-12-14] FF Extension: ebayitemdescriptionshowsellerloc - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{38fc2fbc-9500-46e7-8bc5-b128acd9e143}.xpi [2012-03-12] FF Extension: Speed Dial - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-12-14] FF Extension: OperaView - 
C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}.xpi [2011-09-12] FF Extension: ImTranslator - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-09-12] FF Extension: Easy YouTube Video Downloader - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-10-17] FF Extension: Ecosia - The search engine that plants trees - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-02-25] FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-12] FF Extension: BetterPrivacy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-03-12] FF Extension: Tab Mix Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-25] FF Extension: DownThemAll! 
- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-09-12] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-12-20] FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013-02-20] FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\ FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ [] FF HKCU\...\Firefox\Extensions: [{576c7366-d9f6-439a-a42d-06940409e125}] - C:\Program Files\TubeSaver\130.xpi Chrome: ======= CHR RestoreOnStartup: "https://www.google.com/calendar/render?tab=mc" CHR DefaultSearchKeyword: ecosia.org CHR DefaultSearchProvider: Ecosia CHR DefaultSearchURL: hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll No File CHR Plugin: (ScorchPlugin) - C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll () CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File CHR Extension: (Angry Birds) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-03] CHR Extension: (Poper Blocker) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2013-08-23] CHR Extension: (Hotah) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnjgpdehkocfilimigpgedggkneaacc [2014-01-31] CHR Extension: (Strict Workflow) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2013-08-23] CHR Extension: (Google Calendar) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-03] CHR Extension: (Polycraft) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2014-01-31] CHR Extension: (Planetarium) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-01-03] CHR Extension: (Google Calendar (by Google)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-02-25] CHR Extension: (Air Hockey) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojagedhadegobocpaokaifiacjiolph [2013-08-20] CHR 
Extension: (Timer) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2014-01-03] CHR Extension: (The Old Reader) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhdpibondcndkgpoobpnndbbelpidhpk [2014-01-03] CHR Extension: (Murder Files) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-01-31] CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-01-03] CHR Extension: (Cut the Rope) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2014-01-03] CHR Extension: (Any.do Extension) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-08-23] CHR Extension: (Evernote Web) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-08-28] CHR Extension: (Pocket) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-03] CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26] CHR Extension: (Any.do) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2014-01-24] CHR Extension: (Bubble Santa) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbokbbbgkgifjmmbokbdiimcffphbgha [2014-01-03] CHR Extension: (Accurate Ruler) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemefhlbiinkcopbapnfghcnjhlgceof [2014-01-03] CHR Extension: (SpeakIt!) 
- C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2014-01-03] CHR Extension: (Evernote Web Clipper) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-08-28] CHR Extension: (Calculator) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppilpeehmlhboiknckikefgpdkpnhkgc [2014-01-24] CHR HKLM\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\ProgramData\Websteroids\Chrome\common.crx [2013-12-19] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx [2013-12-19] CHR HKLM\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files\TubeSaver\130.crx [2013-12-19] CHR StartMenuInternet: Google Chrome - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation) R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [303184 2009-09-03] (DigitalPersona, Inc.) R2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-06-03] (McAfee, Inc.) 
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-08-17] (Hewlett-Packard Ltd) S3 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-10] (Hewlett-Packard) R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [95800 2009-08-20] (Hewlett-Packard) S3 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-08-26] (Hewlett-Packard Development Company, L.P) R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [96312 2009-08-20] (Hewlett-Packard) R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277024 2009-08-13] (McAfee, Inc.) R2 HPFSService; c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [293376 2009-07-15] (Hewlett-Packard) R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC) S2 ksupmgr; C:\Windows\system32\ksupmgr.exe [765592 2010-08-25] (Salfeld Computer) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R2 McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [144704 2009-06-03] (McAfee, Inc.) R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] () R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc) R2 SbieSvc; C:\Users\Andreas\SYSTEMprogramme\SbieSvc.exe [72976 2011-11-23] (SANDBOXIE L.T.D) R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0879317fde6173f1\STacSV.exe [221266 2009-08-05] (IDT, Inc.) 
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S2 myAgtSvc; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" /ServiceStart [X] S2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.) S1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-05-22] (AVG Technologies) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-08-17] (Hewlett-Packard Development Company L.P.) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () R3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.) R3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.) R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.) S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.) R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.) 
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [48128 2009-09-05] (REDC) R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC) R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [40016 2009-08-13] (McAfee, Inc.) R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [110448 2009-08-13] () R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51728 2009-08-13] (McAfee, Inc.) R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [13184 2009-08-13] (McAfee, Inc.) R3 SbieDrv; C:\Users\Andreas\SYSTEMprogramme\SbieDrv.sys [131856 2011-11-23] (SANDBOXIE L.T.D) R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-27 22:16 - 2014-04-27 22:18 - 00041116 _____ () C:\Users\Andreas\Desktop\FRST.txt 2014-04-27 22:15 - 2014-04-27 22:17 - 00000655 _____ () C:\Windows\system32\cchservice.err 2014-04-27 22:08 - 2014-04-27 22:08 - 00000000 ____D () C:\Users\Andreas\Desktop\FRST-OlderVersion 2014-04-24 11:16 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-24 11:16 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-24 11:16 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-24 11:16 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-24 11:16 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-24 11:16 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-24 11:16 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-24 11:16 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-24 11:16 - 2014-03-06 
09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-24 11:16 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-24 11:16 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-24 11:16 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-24 11:16 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-24 11:16 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-24 11:16 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-24 11:16 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-24 11:16 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-24 11:16 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-24 11:16 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-24 11:16 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-24 11:16 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-24 11:16 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-24 11:16 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-24 11:16 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-24 11:16 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-24 11:16 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-23 23:09 - 
2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-04-23 23:09 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-23 23:09 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-23 23:09 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-23 23:08 - 2014-04-23 23:09 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log 2014-04-23 22:57 - 2014-04-23 23:03 - 00000000 ____D () C:\Users\Andreas\Downloads\software media 2014-04-23 21:50 - 2014-04-27 22:08 - 01049600 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe 2014-04-23 21:23 - 2014-04-27 22:16 - 00000000 ____D () C:\FRST 2014-04-16 23:04 - 2014-04-16 23:06 - 00000000 ____D () C:\AdwCleaner 2014-04-16 23:02 - 2014-04-16 23:02 - 00000000 ____D () C:\Program Files\ESET 2014-04-16 22:34 - 2014-04-16 22:34 - 01891395 _____ (Dominik Reichl ) C:\Users\Andreas\Desktop\KeePass-1.27-Setup.exe 2014-04-16 22:14 - 2014-04-16 23:01 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 21:58 - 2014-04-16 21:58 - 00001197 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\Program Files\AntiPEST 2014-04-16 21:58 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-16 21:58 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-16 21:58 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-16 21:55 - 2014-04-16 21:57 - 17305616 _____ 
(Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-16 21:24 - 2014-04-23 21:17 - 00000000 ____D () C:\Users\Andreas\Downloads\AntiPEST 2014-04-10 21:02 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 07:55 - 2014-04-09 07:55 - 00000000 ____D () C:\Users\TEST\AppData\Local\Microsoft Corporation 2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\ATI 2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\TEST\AppData\Local\ATI 2014-04-09 07:53 - 2014-04-10 22:41 - 00146904 _____ () C:\Users\TEST\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-09 07:52 - 2014-04-09 07:52 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Hewlett-Packard 2014-04-09 07:52 - 2014-04-09 07:52 - 00000000 ____D () C:\Users\TEST\AppData\Local\Hewlett-Packard 2014-04-09 07:51 - 2014-04-09 07:51 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Apple Computer 2014-04-09 07:51 - 2014-04-09 07:51 - 00000000 ____D () C:\Users\TEST\AppData\Local\PDFC 2014-04-09 07:50 - 2014-04-09 07:50 - 00001419 _____ () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-09 07:50 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Salfeld 2014-04-09 07:50 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Adobe 2014-04-09 07:49 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST 2014-04-09 07:49 - 2014-04-09 07:49 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Motorola 2014-04-09 07:49 - 2013-06-26 23:13 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Macromedia 2014-04-09 07:49 - 2011-09-26 21:09 - 00000000 ____D () C:\Users\TEST\AppData\Local\Microsoft Help 2014-04-09 07:49 - 2009-07-27 09:37 - 00000020 ___SH () C:\Users\TEST\ntuser.ini 2014-04-09 07:49 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-09 07:49 - 
2009-07-14 06:37 - 00000000 ___RD () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified Files and Folders ======= 2014-04-27 22:19 - 2013-02-14 13:28 - 00000000 ___HD () C:\ProgramData\Device 2014-04-27 22:18 - 2014-04-27 22:16 - 00041116 _____ () C:\Users\Andreas\Desktop\FRST.txt 2014-04-27 22:17 - 2014-04-27 22:15 - 00000655 _____ () C:\Windows\system32\cchservice.err 2014-04-27 22:16 - 2014-04-23 21:23 - 00000000 ____D () C:\FRST 2014-04-27 22:16 - 2012-04-15 19:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-27 22:15 - 2012-04-11 08:21 - 00000016 _____ () C:\Windows\system32\excltmp~.dat 2014-04-27 22:15 - 2011-10-01 13:52 - 00000261 _____ () C:\NET.INI 2014-04-27 22:11 - 2012-01-20 18:35 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-27 22:11 - 2011-11-29 21:13 - 00004720 _____ () C:\Windows\Sandboxie.ini 2014-04-27 22:09 - 2012-01-20 18:35 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-27 22:08 - 2014-04-27 22:08 - 00000000 ____D () C:\Users\Andreas\Desktop\FRST-OlderVersion 2014-04-27 22:08 - 2014-04-23 21:50 - 01049600 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe 2014-04-27 22:02 - 2011-10-01 13:52 - 00000000 ___HD () C:\Program Files\Common Files\System Shared 2014-04-27 22:02 - 2011-10-01 03:35 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA.job 2014-04-27 22:01 - 2011-11-16 03:47 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA.job 2014-04-27 22:01 - 2011-11-16 03:47 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core.job 2014-04-27 22:01 - 2011-10-01 03:35 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core.job 2014-04-27 09:40 - 2012-10-22 23:35 - 00000000 ____D () 
C:\Users\Andreas\AppData\Roaming\Ditto 2014-04-26 15:01 - 2010-10-13 22:23 - 01699403 _____ () C:\Windows\WindowsUpdate.log 2014-04-26 14:59 - 2009-10-01 03:18 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-26 14:57 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-26 14:57 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-26 14:52 - 2009-10-01 03:20 - 00000000 ____D () C:\ProgramData\PDFC 2014-04-26 14:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-26 14:50 - 2009-07-14 06:39 - 00408482 _____ () C:\Windows\setupact.log 2014-04-23 23:09 - 2014-04-23 23:08 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log 2014-04-23 23:09 - 2013-10-22 23:21 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-23 23:09 - 2012-09-01 13:15 - 00000000 ____D () C:\Program Files\Java 2014-04-23 23:03 - 2014-04-23 22:57 - 00000000 ____D () C:\Users\Andreas\Downloads\software media 2014-04-23 22:59 - 2013-06-26 23:12 - 00000000 ____D () C:\Users\Andreas\Downloads\System Software 2014-04-23 21:17 - 2014-04-16 21:24 - 00000000 ____D () C:\Users\Andreas\Downloads\AntiPEST 2014-04-19 13:28 - 2012-08-08 09:05 - 00000000 ____D () C:\Users\Andreas\.tfo4 2014-04-18 22:21 - 2013-09-17 18:54 - 00000000 ____D () C:\Program Files\StarMoney 9.0 2014-04-16 23:06 - 2014-04-16 23:04 - 00000000 ____D () C:\AdwCleaner 2014-04-16 23:02 - 2014-04-16 23:02 - 00000000 ____D () C:\Program Files\ESET 2014-04-16 23:01 - 2014-04-16 22:14 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 22:41 - 2011-12-20 01:04 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk 2014-04-16 22:41 - 2011-12-20 01:04 - 00001055 _____ () C:\Users\Andreas\Desktop\KeePass.lnk 2014-04-16 22:41 - 2011-12-20 
01:04 - 00000000 ____D () C:\Program Files\KeePass Password Safe 2014-04-16 22:34 - 2014-04-16 22:34 - 01891395 _____ (Dominik Reichl ) C:\Users\Andreas\Desktop\KeePass-1.27-Setup.exe 2014-04-16 21:58 - 2014-04-16 21:58 - 00001197 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 21:58 - 2014-04-16 21:58 - 00000000 ____D () C:\Program Files\AntiPEST 2014-04-16 21:57 - 2014-04-16 21:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-16 21:07 - 2011-11-29 21:24 - 00000000 ____D () C:\Users\Andreas\Downloads\KeePass-1.20 2014-04-16 18:21 - 2009-10-01 03:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-16 18:19 - 2013-07-29 08:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-16 18:11 - 2011-11-14 23:57 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-14 20:13 - 2014-04-23 23:09 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-04-14 20:05 - 2014-04-23 23:09 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-14 20:05 - 2014-04-23 23:09 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-14 20:04 - 2014-04-23 23:09 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-11 07:14 - 2011-12-19 22:33 - 00000000 ____D () C:\Program Files\StarMoney 8.0 2014-04-10 22:41 - 2014-04-09 07:53 - 00146904 _____ () C:\Users\TEST\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-09 07:55 - 2014-04-09 07:55 - 00000000 ____D () C:\Users\TEST\AppData\Local\Microsoft Corporation 2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\ATI 2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () 
C:\Users\TEST\AppData\Local\ATI 2014-04-09 07:52 - 2014-04-09 07:52 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Hewlett-Packard 2014-04-09 07:52 - 2014-04-09 07:52 - 00000000 ____D () C:\Users\TEST\AppData\Local\Hewlett-Packard 2014-04-09 07:51 - 2014-04-09 07:51 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Apple Computer 2014-04-09 07:51 - 2014-04-09 07:51 - 00000000 ____D () C:\Users\TEST\AppData\Local\PDFC 2014-04-09 07:50 - 2014-04-09 07:50 - 00001419 _____ () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-09 07:50 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Salfeld 2014-04-09 07:50 - 2014-04-09 07:50 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Adobe 2014-04-09 07:50 - 2014-04-09 07:49 - 00000000 ____D () C:\Users\TEST 2014-04-09 07:50 - 2009-07-14 06:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-04-09 07:50 - 2009-07-14 04:04 - 00000499 _____ () C:\Windows\win.ini 2014-04-09 07:49 - 2014-04-09 07:49 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Motorola 2014-04-04 13:18 - 2011-12-14 00:48 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc 2014-04-03 09:51 - 2014-04-16 21:58 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-16 21:58 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-16 21:58 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 22:15 - 2014-01-19 15:34 - 00000000 ____D () C:\Users\Andreas\Desktop\MONA PHOTOS 2014-03-31 09:35 - 2011-09-12 10:25 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-30 23:06 - 2013-01-22 18:30 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk 2014-03-30 23:06 - 2013-01-22 18:30 - 00001054 _____ () 
C:\Users\Public\Desktop\TeamViewer 8.lnk 2014-03-28 00:25 - 2012-05-18 17:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-28 00:25 - 2011-11-15 09:46 - 00020428 _____ () C:\Windows\PFRO.log Some content of TEMP: ==================== C:\Users\Andreas\AppData\Local\Temp\FileSystemView.dll C:\Users\Andreas\AppData\Local\Temp\fox5325.exe C:\Users\Andreas\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Andreas\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Andreas\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Andreas\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Andreas\AppData\Local\Temp\nsb96F9.exe C:\Users\Andreas\AppData\Local\Temp\nsbF218.exe C:\Users\Andreas\AppData\Local\Temp\nsgE9FB.exe C:\Users\Andreas\AppData\Local\Temp\nsrA119.exe C:\Users\Andreas\AppData\Local\Temp\nst63AB.exe C:\Users\Andreas\AppData\Local\Temp\nsw9B1F.exe C:\Users\Andreas\AppData\Local\Temp\nswEE50.exe C:\Users\Andreas\AppData\Local\Temp\proxy_util_w32.dll C:\Users\Andreas\AppData\Local\Temp\setup{97E2961E-BFC3-4F89-8CD0-825CCBAC3110}.exe C:\Users\Andreas\AppData\Local\Temp\SPSetup.exe C:\Users\Andreas\AppData\Local\Temp\tbsTMP.exe C:\Users\Andreas\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe C:\Users\Monika\AppData\Local\Temp\fqqsc5od.dll C:\Users\Monika\AppData\Local\Temp\rt507gxw.dll C:\Users\Mr.Backup\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Mr.Backup\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\TEST\AppData\Local\Temp\o6hw5iub.dll C:\Users\TEST\AppData\Local\Temp\rmmwricn.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit 
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 19:59

==================== End Of Log ============================
--- --- --- --- --- --- --- --- ---

and

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by Andreas at 2014-04-27 22:21:12
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
1.36 (HKLM\...\etope Lister_is1) (Version: - Freshworx GmbH & Co.KG)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
AbiWord 2.8.4 (HKLM\...\AbiWord2) (Version: 2.8.4 - AbiSource Developers)
ActivClient x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AM-DeadLink 4.6 (HKLM\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
Analog Clock (HKCU\...\Analog Clock) (Version: - Opera widgets)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{506C2F0A-2C04-BDA8-8B90-0A3DF65ED67E}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 1995397856.48.56.3607922 - Audible, Inc.)
Auktionatrix - der schnelle Weg zu eBay (HKLM\...\{02E8DF80-DFB9-4C56-8CB9-AFA1CE97AF9C}) (Version: 4.11.10.0 - Z-Dev)
BayDesigner - Deinstallation (HKLM\...\BayDesigner_is1) (Version: 1.35 - Mathias Gerlach [aborange.de])
BayWatcher Pro - Deinstallation (HKLM\...\BayWatcher_is1) (Version: 8.05 - Mathias Gerlach & Jochen Milchsack [aborange.de])
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.30.21.0 - Broadcom Corporation)
Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0909.1747.30091 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0909.1747.30091 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0909.1747.30091 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Czech (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Danish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Dutch (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help English (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Finnish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help French (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help German (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Greek (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Italian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Japanese (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Korean (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Polish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Russian (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Spanish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Swedish (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Thai (Version: 2009.0909.1746.30091 - ATI) Hidden
CCC Help Turkish (Version: 2009.0909.1746.30091 - ATI) Hidden
ccc-core-static (Version: 2009.0909.1747.30091 - ATI) Hidden
ccc-utility (Version: 2009.0909.1747.30091 - ATI) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.1 - Hewlett-Packard)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Drive Encryption (HKLM\...\{77ECDC11-EC6B-4027-AD94-60E839F256FB}) (Version: 5.0.1.2 - Hewlett-Packard)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eDocPrintPro (HKLM\...\eDocPrintPro) (Version: - )
Elastic Soccer v1.0 (HKLM\...\{0FB9C428-F598-49FF-9C90-B1821FF90486}_is1) (Version: - Nowstat.com)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Evernote v. 5.1.2 (HKLM\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Faxdrucker (HKLM\...\{44FEE3D0-362E-4439-A976-51825DDAC61F}) (Version: 0.1 - simple-fax.de)
File Sanitizer For HP ProtectTools (HKLM\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.0.7 - Hewlett-Packard)
FileParade bundle uninstaller (HKLM\...\FileParade bundle uninstaller) (Version: 1.0.0.0 - FileParade) <==== ATTENTION
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
FreeCommander 2009.02b (HKLM\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
German - with < > | (HKLM\...\{724D0DBA-3F2F-4AE2-B16C-DAAB7FCB7F49}) (Version: 1.0.3.40 - HP)
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9212.3114 - Hewlett-Packard)
HP Common Access Service Library (HKLM\...\{AFCFBA3D-D2EB-4F44-A7F6-5384CE5090DA}) (Version: 3.0.31.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{511376F5-7E5A-4EC9-B603-193B1D425BC3}) (Version: 1.0.1.1 - Hewlett-Packard)
HP Power Assistant (HKLM\...\{B07A6D31-EDE9-415A-9278-07400F7FCCD5}) (Version: 1.0.0.31 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.00.516 - Hewlett-Packard)
HP ProtectTools Security Manager (Version: 5.00.516 - Hewlett-Packard) Hidden
HP QuickLook (HKLM\...\{6B11BCAC-CE60-418E-A0BD-F773EC1194E5}) (Version: 3.0.0.19 - Hewlett-Packard)
HP QuickWeb (HKLM\...\{7861911B-4270-498A-8F7A-FCF0570F4800}) (Version: 1.0.1.32 - DeviceVM, Inc.)
HP Setup (HKLM\...\{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}) (Version: 1.2.3215.3078 - Hewlett-Packard)
HP Software Setup (HKLM\...\{C66A15C3-1435-49AA-9F20-F854E2E91A6C}) (Version: 6.0.1.7 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP User Guides 0142 (HKLM\...\{10A11115-4EFC-4E86-BFC1-D53A478556A1}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.11 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{3E497776-1FCB-4921-91DC-D26E7F636B62}) (Version: 4.0.0.31 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
iCopy (HKLM\...\iCopy) (Version: 1.6.0 - Matteo Rossi)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6229.0 - IDT)
Internet Updater (HKLM\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.390 - Oracle)
KeePass Password Safe 1.27 (HKLM\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
Kindersicherung 2012 (HKLM\...\Kindersicherung_is1) (Version: - Salfeld Computer GmbH)
Kolab E5 Client 2012-07-31-07-47 (HKLM\...\Kolab E5 Client) (Version: - )
L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version: - )
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version: - )
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Lauge 3.0.4.beta (HKLM\...\Lauge_is1) (Version: 3.0.4.beta - Waldemar Derr)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version: - )
LesefixPRO (HKLM\...\{00DDD9E0-E95F-4470-8767-26B76164A315}) (Version: 8.00 - Dr. Michael Schlesier)
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LibreOffice 3.3 (HKLM\...\{1A97CF67-FEBB-436E-BD64-431FFEF72EB8}) (Version: 3.3.8 - LibreOffice)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Linkman (HKLM\...\Linkman) (Version: 8.71 - Outertech)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee Virus and Spyware Protection Service (HKLM\...\MVS) (Version: 4.9.2.335 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Bulgarian) 2007 (Version: 12.0.4518.1042 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Latvian) 2007 (Version: 12.0.4518.1045 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Lithuanian) 2007 (Version: 12.0.4518.1048 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Romanian) 2007 (Version: 12.0.4518.1039 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Office Word MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft RichCopy 4.0 (HKLM\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mindomo Desktop (HKLM\...\MindomoDesktop) (Version: 6.84 - Expert Software Applications Srl)
Mindomo Desktop (Version: 6.84 - Expert Software Applications Srl) Hidden
mobilant.de Client (HKLM\...\mobilant) (Version: 1.0 - F.J. Wechselberger)
Mobile Master (Version: 7.9.14 - Jumping Bytes) Hidden
Mobile Master 7.9.14 (HKLM\...\Mobile Master) (Version: 7.9.14 - Jumping Bytes)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.1 MuseScore score typesetter (HKLM\...\MuseScore) (Version: 1.1.0 - Werner Schweer and Others)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia Maps 3D browser plugin for Internet Explorer (5.7.1.0) (HKCU\...\Nokia Maps 3D browser plugin for Internet Explorer) (Version: 5.7.1.0 - Nokia)
Open Last Closed Tab - Internet Explorer Extension (HKLM\...\OpenLastClosedTab) (Version: 4.1.0.0 - MuvEnum)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.213.1 - Tracker Software Products Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pre-Boot Security for HP ProtectTools (Version: 5.0.6.1 - Hewlett-Packard) Hidden
PreisHai 4.2 (HKLM\...\PreisHai_is1) (Version: - Elmar Denkmann)
Privacy Manager for HP ProtectTools (HKLM\...\{2F77F045-8B4E-40B7-8130-56076F85C38E}) (Version: 5.00.712 - Hewlett-Packard)
PureSync (Version: 3.7.2 - Jumping Bytes) Hidden
PureSync 3.7.2 (HKLM\...\PureSync) (Version: 3.7.2 - Jumping Bytes)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealSpeak Solo fur Deutsch - Steffi (HKLM\...\{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}) (Version: 4.00.0000 - ScanSoft)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.12.00.05 - RICOH)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business v10 (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (Version: 10.3.349 - Roxio) Hidden
Sandboxie 3.62 (32-bit) (HKLM\...\Sandboxie) (Version: 3.62 - SANDBOXIE L.T.D)
Seesu (HKCU\...\Seesu) (Version: - Gleb Arestov)
Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
simple-fax.de Version 1 (HKLM\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SpeedCommander 11 (HKLM\...\SpeedCommander 11) (Version: 11 - SpeedProject)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.1.31 - StarFinanz) Hidden
StarMoney (Version: 4.0.1.51 - StarFinanz) Hidden
StarMoney 7.0 (HKLM\...\{3A116B91-77B5-463A-8B77-6FBDE5BAA661}) (Version: 7.0 - Star Finanz GmbH)
StarMoney 8.0 (HKLM\...\{6A75F8FA-3A8C-4A11-8628-43ADC5332BEF}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0 (HKLM\...\{CC4F180B-8D7D-44E1-A061-A1B6DDD653CC}) (Version: 9.0 - Star Finanz GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
SyncBack (HKLM\...\SyncBack_is1) (Version: - 2BrightSparks)
Synkron 1.6.2 (HKLM\...\Tomlein.Synkron_is1) (Version: 1.6.2 - Matúš Tomlein)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.15 - Hewlett-Packard)
Theft Recovery (Version: 5.1.0.15 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0402-0000-0000000FF1CE}_PROHYBRIDR_{F8AE4EBB-CCF5-45FB-B527-E88B4DC37278}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0418-0000-0000000FF1CE}_PROHYBRIDR_{2CD437DF-B0CD-43D2-A344-07C9FAC961F4}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0426-0000-0000000FF1CE}_PROHYBRIDR_{64057C60-03F0-4E29-B2E2-DCB6A1886F33}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0427-0000-0000000FF1CE}_PROHYBRIDR_{CC873AD1-9842-4A46-AF2A-3ED0F3F1452C}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0 - McAfee Inc.) Hidden
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WEB.DE Online-Speicher 1.3.1234.0 (HKCU\...\WEB.DE Application {sync-000021}) (Version: 1.3.1234.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WEB.DE Toolbar für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
Websteroids (HKLM\...\Websteroids) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Windows 7 Default Setting (HKLM\...\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}) (Version: 1.0.0.8 - Hewlett-Packard)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
Wuala (HKCU\...\Wuala) (Version: 1.0.411.0 - LaCie)
Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)

==================== Restore Points =========================

23-02-2014 18:00:14 Windows Backup
04-03-2014 14:52:21 Windows Backup
10-03-2014 14:30:50 Windows Backup

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1C2D18F9-AA3F-4BCA-B98C-6BCA255BDB40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {2EE8AA8D-D206-4C3A-ABC4-3C81FDD16626} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {31B6FAE7-F9FC-4B66-8F80-8F1FCB661B64} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {45ADE483-6146-40DB-8021-6C3D5E21A998} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {46FC6A6B-8F1A-4DB8-A041-32D5110D4F83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.)
Task: {543143EE-FBFF-4BA8-BFF6-0C266FB6DD04} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {562032F5-CFB6-4273-BA02-BE7B85ED9FF9} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-10] (Hewlett-Packard)
Task: {5625CBF6-57FE-4D98-9CD1-BA4CD8A511ED} - System32\Tasks\OperaBookmarks => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Operasave11.exe [2013-08-20] ()
Task: {592BC37C-F4D1-4579-A987-FBB5506CE04A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {6CEC5E53-6AB2-41FC-A3D5-B65C1CBF011F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {6EBE3D25-1606-429C-A4C0-D06AF8E76A10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {7333E2D8-2FEE-45CF-8664-50D5ED5BBBD7} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {74A3E3A2-C334-4AF1-8189-8684FAD401B5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {95A1B0B2-E0F7-42D9-B7C8-B91A7C275888} - System32\Tasks\Firesave => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Firesave11.exe [2013-08-20] ()
Task: {B5361521-D7CF-4099-B24D-2F3D232EBEFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C01C8BE0-BD5C-44D8-97E3-70915D71CAA5} - System32\Tasks\{9813CE5C-8F35-4835-AC86-B55B5816A9BD} => Firefox.exe
Task: {CE30372A-0F34-4A3E-904C-A2C0412D3A5E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {E58361F0-3D6E-48F2-913E-E9337A15D1C0} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-10] (Hewlett-Packard)
Task: {EF570923-0D65-4B54-B77C-75D729D87533} - System32\Tasks\thundersave => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Thundersave11.exe [2013-08-20] ()
Task: {F2E7D8D1-09FE-4DFC-8CE5-6BDCFD272684} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core.job => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA.job => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core.job => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA.job => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-08-17 21:26 - 2009-08-17 21:26 - 00300600 _____ () C:\Windows\system32\flcdlmsg.dll
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-08-20 22:15 - 2009-08-20 22:15 - 00051768 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-08-20 22:15 - 2009-08-20 22:15 - 00051256 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2012-10-22 23:34 - 2012-01-03 20:00 - 01350144 _____ () C:\Program Files\Ditto\Ditto.exe
2012-10-22 23:34 - 2012-01-03 19:59 - 00008192 _____ () C:\Program Files\Ditto\focus.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2009-06-11 01:30 - 2009-06-11 01:30 - 00098304 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-13 22:23 - 2010-10-13 22:23 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-23 22:07 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-13 21:54 - 2014-03-13 21:54 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-03-21 15:47 - 2014-03-21 15:47 - 03018864 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-03-21 15:47 - 2014-03-21 15:47 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-21 15:47 - 2014-03-21 15:47 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ksupmgr => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Google Update => "C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: McAfee Managed Services Tray => C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

==================== Faulty Device Manager Devices =============

Name: avgtp
Description: avgtp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: avgtp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2014 10:03:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: updater.exe, version: 1.0.0.1, time stamp: 0x52b21c71 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1834 Faulting application start time: 0xupdater.exe0 Faulting application path: updater.exe1 Faulting module path: updater.exe2 Report Id: updater.exe3

Error: (04/27/2014 10:02:22 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/27/2014 10:02:08 PM) (Source: Application Error) (User: ) Description: Faulting application name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676 Faulting module name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676 Exception code: 0xc0000005 Fault offset: 0x000061fe Faulting process id: 0x2a08 Faulting application start time: 0xccsync.exe0 Faulting application path: ccsync.exe1 Faulting module path: ccsync.exe2 Report Id: ccsync.exe3 Error: (04/27/2014 10:02:08 PM) (Source: Application Error) (User: ) Description: Faulting application name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676 Faulting module name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676 Exception code: 0xc0000005 Fault offset: 0x000061fe Faulting process id: 0x2064 Faulting application start time: 0xccsync.exe0 Faulting application path: ccsync.exe1 Faulting module path: ccsync.exe2 Report Id: ccsync.exe3 Error: (04/27/2014 09:47:16 AM) (Source: HP Advisor) (User: ) Description: Timestamp: 04.27.2014 09:47:16.032; Category: FATAL; Priority:(4); Win32 Thread Id: [4088]; Message: Application::OnStartup() failed !!!, shutdown application... ; EventId: 400; Severity: Critical; Machine: ANDREAS-PC; Application Domain: HPAdvisor.exe; Process Id: 7768; Process Name: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended Properties: Error: (04/20/2014 07:00:03 PM) (Source: Windows Backup) (User: ) Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (04/19/2014 08:06:13 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/16/2014 07:07:16 PM) (Source: Windows Backup) (User: ) Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (04/10/2014 10:42:14 PM) (Source: HP Advisor) (User: ) Description: Timestamp: 04.10.2014 22:42:14.290; Category: FATAL; Priority:(4); Win32 Thread Id: [9328]; Message: Application::OnStartup() failed !!!, shutdown application... ; EventId: 400; Severity: Critical; Machine: ANDREAS-PC; Application Domain: HPAdvisor.exe; Process Id: 9324; Process Name: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended Properties: Error: (04/10/2014 08:29:54 AM) (Source: Application Error) (User: ) Description: Faulting application name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676 Faulting module name: ccsync.exe, version: 6.418.0.0, time stamp: 0x52677676 Exception code: 0xc0000005 Fault offset: 0x000061fe Faulting process id: 0x1a38 Faulting application start time: 0xccsync.exe0 Faulting application path: ccsync.exe1 Faulting module path: ccsync.exe2 Report Id: ccsync.exe3 System errors: ============= Error: (04/27/2014 10:04:48 PM) (Source: atikmdag) (User: ) Description: Display is not active Error: (04/27/2014 10:04:07 PM) (Source: atikmdag) (User: ) Description: Display is not active Error: (04/27/2014 10:01:04 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/27/2014 10:01:03 PM) (Source: atikmdag) (User: ) Description: Display is not active Error: (04/27/2014 09:39:59 AM) (Source: atikmdag) (User: ) Description: Display is not active Error: (04/27/2014 09:22:28 AM) (Source: 
atikmdag) (User: ) Description: Display is not active Error: (04/26/2014 02:51:59 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: avgtp Error: (04/26/2014 02:51:33 PM) (Source: Service Control Manager) (User: ) Description: The vToolbarUpdater15.2.0 service failed to start due to the following error: %%2 Error: (04/26/2014 02:51:16 PM) (Source: Service Control Manager) (User: ) Description: The McAfee Virus and Spyware Protection Service service failed to start due to the following error: %%2 Error: (04/26/2014 02:50:53 PM) (Source: Service Control Manager) (User: ) Description: The UAC File Virtualization service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-04-27 09:57:17.215 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-27 09:48:29.737 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-27 09:39:59.454 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-24 11:15:45.181 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-04-24 11:02:17.822 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-23 22:14:33.679 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-23 22:03:49.521 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-23 21:23:05.977 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-23 21:11:12.577 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-16 22:31:41.415 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Percentage of memory in use: 69% Total physical RAM: 2812.7 MB Available physical RAM: 865.49 MB Total Pagefile: 5623.7 MB Available Pagefile: 2898.8 MB Total Virtual: 2047.88 MB Available Virtual: 1919.99 MB ==================== Drives ================================ Drive c: (WIN7_C) (Fixed) (Total:280.79 GB) (Free:130.39 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.51 GB) FAT32 Drive g: () (Removable) (Total:3.72 GB) (Free:3.39 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: B8DEA2D4) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=83) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Professional x86 Ran by Andreas on 27.04.2014 at 23:18:24,54 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\f Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry 
Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\tubesaver Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1 Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_free-mp3-wma-converter_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_free-mp3-wma-converter_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files\optimizer pro" Successfully deleted: [Folder] "C:\Program Files\sweetpacks bundle uninstaller" Successfully deleted: [Folder] "C:\Users\Andreas\documents\optimizer pro" ~~~ FireFox Successfully deleted: [Folder] C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\xgqgx91o.default\extensions\support@websteroidsapp.com Successfully deleted 
the following from C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\xgqgx91o.default\prefs.js user_pref("avg.install.userHPSettings", "hxxps://isearch.avg.com/?cid={AA84BBDD-C5EB-42FB-9AE5-F26FF3EC83F4}&mid=ef0ba35e35954242925b6c8602ac96fb-42c36a3c1954536467068e2918f43 Emptied folder: C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\xgqgx91o.default\minidumps [69 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy] Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 27.04.2014 at 23:33:27,35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edited by awk (27.04.2014 at 22:47). Reason: question expanded |
28.04.2014, 09:18 | #6 |
/// the machine /// TB instructor | Friend Checker, Conduit Search, strange browser behaviour I don't understand your question. Do you mean making a clean backup of the browsers after the cleanup? The browsers will probably have to be reinstalled and reset anyway if they don't settle down after all that adware. Revo Uninstaller - Download - Filepony Use it to uninstall everything you find in Additional.txt that is marked <== ATTENTION. Also have Revo remove the leftovers in Moderate mode. A fresh FRST log, please. Any problems left?
14.10.2014, 16:12 | #7 |
| Problem unsolved Hello, I searched the TB and by chance found my own entry again... The problem persists and I am close to wiping the computer completely. Nothing I tried helped. Current: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01 Ran by Andreas (administrator) on ANDREAS-PC on 14-10-2014 16:23:19 Running from C:\Users\Andreas\Desktop Loaded Profile: Andreas (Available profiles: Andreas & Monika & Mona & TEST) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Salfeld Computer) C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer) C:\Windows\tray\wintmr.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Updater) C:\ProgramData\Updater\updater.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (SANDBOXIE L.T.D) C:\Users\Andreas\SYSTEMprogramme\SbieCtrl.exe (Dominik Reichl) C:\Program Files\KeePass Password Safe\KeePass.exe () C:\Program Files\Ditto\Ditto.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1640504 2009-08-20] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [MVS Splash] => C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-04] (ActivIdentity) HKLM\...\Run: [] => [X] HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-04] (ActivIdentity) HKLM\...\Run: [File Sanitizer] => c:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11258368 2009-07-15] (Hewlett-Packard) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-10] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-05] (IDT, Inc.) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) 
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe" HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [ChicoSys] => C:\Windows\system32\cc32\webtmr.exe [6634624 2009-07-14] (Salfeld Computer) HKLM\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [486264 2013-12-19] (Updater) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoAutorun] 1 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-08-13] (Hewlett-Packard) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [SandboxieControl] => C:\Users\Andreas\SYSTEMprogramme\SbieCtrl.exe [442640 2011-11-23] (SANDBOXIE L.T.D) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Google Update] => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-01] (Google Inc.) 
HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [KeePass Password Safe] => C:\Program Files\KeePass Password Safe\KeePass.exe [2117632 2014-04-06] (Dominik Reichl) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [PC Suite Tray] => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1350144 2012-01-03] () HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [7099008 2009-07-14] (Salfeld Computer) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [486264 2013-12-19] (Updater) HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\system: [DisableClock] 1 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {5b5d81a5-8e33-11e1-902b-0009dd5029c9} - D:\Install.exe HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {91848a7a-159c-11e2-934a-705ab697ae61} - D:\setup.exe -a HKU\S-1-5-21-1624768357-4126066135-592724133-1002\...\MountPoints2: {a4f2663e-f5ae-11e2-963e-705ab697ae61} - G:\LGAutoRun.exe HKU\S-1-5-18\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [7099008 2009-07-14] (Salfeld Computer) Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk 
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {BBE889A1-1AE6-4482-912B-F2B77654EEDB} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - DefaultScope {C6CA7969-6616-494A-B8C9-403353196BE3} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {742E88D5-9010-46AA-AC14-40BADE3E90B8} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {91343ACB-EAA6-4986-A05A-36A9DE6932D8} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {997329D0-5E79-4A8B-878A-8713D269A659} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {C4BA47D3-A495-4814-8EE6-FE7C750E03B2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {C6CA7969-6616-494A-B8C9-403353196BE3} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) 
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: OpenLastClosedTab.LastClosedTab -> {e15e75e9-a653-42a3-8d05-f2f7e309bdca} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKLM - &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Program Files\TOOLS\Linkman\LinkmanCom.dll (Outertech) Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.335.dll (McAfee, Inc.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default FF DefaultSearchEngine: Ecosia FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Ecosia FF Homepage: about:home FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF NetworkProxy: "ftp", "185.49.15.25" FF NetworkProxy: "ftp_port", 7808 FF NetworkProxy: "http", "185.49.15.25" FF NetworkProxy: "http_port", 7808 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "185.49.15.25" FF NetworkProxy: "socks_port", 7808 FF NetworkProxy: "ssl", "185.49.15.25" FF NetworkProxy: "ssl_port", 7808 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange\PDF XChange Lite\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange\PDF XChange Lite\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\bidvoynet-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\google-video.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\idealode.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\mailcom-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\medikamentade.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\people-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\testberichtede.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\searchplugins\youtube-ssl.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\duckduckgo-de.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\duckduckgo-html.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\idealode.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\mp3-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\openstreetmap.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\wot-scorecard.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\amin.eft_bmnotes@gmail.com [2014-04-27]
FF Extension: bug682944 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\bug682944@alice0775 [2012-05-18]
FF Extension: CLEO - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\CLEO@guid.customsoftwareconsult.com [2014-07-13]
FF Extension: Pocket - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\isreaditlater@ideashower.com [2014-07-04]
FF Extension: KeeFox - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\keefox@chris.tomlinson [2014-10-13]
FF Extension: Rain Alarm Extension - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\rain-alarm@mdiener.de [2014-03-25]
FF Extension: screen-reader-simulator - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\screen-reader-simulator@gaiamobile.org [2014-09-04]
FF Extension: WEB.DE MailCheck - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\toolbar@web.de [2014-09-18]
FF Extension: AddThis - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2012-10-02]
FF Extension: FEBE - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-09-18]
FF Extension: WOT - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Snip It! Button for eBay - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{aab35b56-0206-4472-9993-9cb5c09bb722} [2012-09-30]
FF Extension: DownloadHelper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-18]
FF Extension: Evernote Web Clipper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-22]
FF Extension: billiger.de Sparberater - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\ciuvo-extension@billiger.de.xpi [2013-04-25]
FF Extension: Firebug - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-28]
FF Extension: GutscheinDoktor Toolbar - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\FirefoxToolbar@gutscheindoktor.de.xpi [2014-10-13]
FF Extension: Email This! Bookmarklet Extension - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\gmailthis@lazyrussian.com.xpi [2011-09-13]
FF Extension: Trusted Shops Add-On für Firefox - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\jid1-PBNne26X1Kn6hQ@jetpack.xpi [2014-09-18]
FF Extension: DuckDuckGo Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-04-16]
FF Extension: Lazarus: Form Recovery - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\lazarus@interclue.com.xpi [2011-12-14]
FF Extension: People Lookup - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\mail@sayemislam.com.xpi [2012-01-30]
FF Extension: Clearly - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\readable@evernote.com.xpi [2013-05-29]
FF Extension: Save Session - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\savesession@noasobi.net.xpi [2011-11-25]
FF Extension: ScrapBook Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\scrapbookplus@addons.mozilla.org.xpi [2011-09-13]
FF Extension: 如意淘:同款比价,价格曲线,降价提醒 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\shoppingassist@ookong.com.xpi [2012-03-12]
FF Extension: Stealthy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\stealthyextension@gmail.com.xpi [2011-12-08]
FF Extension: WikiLook - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\wikilook@testpilot.xpi [2013-04-16]
FF Extension: YouTube to MP3 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-10-17]
FF Extension: All-in-One Sidebar - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2011-09-12]
FF Extension: Session Manager - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012-04-28]
FF Extension: Webutation - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2014-04-23]
FF Extension: FlashGot - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-19]
FF Extension: Unhide Passwords - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2011-12-14]
FF Extension: ebayitemdescriptionshowsellerloc - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{38fc2fbc-9500-46e7-8bc5-b128acd9e143}.xpi [2012-03-12]
FF Extension: Speed Dial - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-12-14]
FF Extension: OperaView - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}.xpi [2011-09-12]
FF Extension: ImTranslator - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-09-12]
FF Extension: Easy YouTube Video Downloader - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-10-17]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-02-25]
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-12]
FF Extension: BetterPrivacy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-03-12]
FF Extension: Tab Mix Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-25]
FF Extension: DownThemAll! - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\xgqgx91o.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-09-12]
FF Extension: CLEO - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\CLEO@guid.customsoftwareconsult.com [2014-07-13]
FF Extension: FEBE - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-07-13]
FF Extension: Snip It! Button for eBay - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{aab35b56-0206-4472-9993-9cb5c09bb722} [2014-08-01]
FF Extension: Evernote Web Clipper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-07-14]
FF Extension: Clearly - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\readable@evernote.com.xpi [2014-07-14]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-08-01]
FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2014-07-14]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wy9a448b.REPAIR\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-07-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013-02-20]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1 [2012-03-06]
FF HKCU\...\Firefox\Extensions: [{576c7366-d9f6-439a-a42d-06940409e125}] - C:\Program Files\TubeSaver\130.xpi
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-03]
CHR Extension: (Poper Blocker) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2013-08-23]
CHR Extension: (Hotah) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnjgpdehkocfilimigpgedggkneaacc [2014-01-31]
CHR Extension: (Strict Workflow) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2013-08-23]
CHR Extension: (Google Calendar) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-03]
CHR Extension: (Polycraft) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2014-01-31]
CHR Extension: (Planetarium) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-01-03]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-02-25]
CHR Extension: (Air Hockey) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojagedhadegobocpaokaifiacjiolph [2013-08-20]
CHR Extension: (Timer) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2014-01-03]
CHR Extension: (The Old Reader) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhdpibondcndkgpoobpnndbbelpidhpk [2014-01-03]
CHR Extension: (Murder Files) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-01-31]
CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-01-03]
CHR Extension: (Cut the Rope) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2014-01-03]
CHR Extension: (Any.do Extension) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-08-23]
CHR Extension: (Evernote Web) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-08-28]
CHR Extension: (Pocket) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Any.do) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2014-01-24]
CHR Extension: (Bubble Santa) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbokbbbgkgifjmmbokbdiimcffphbgha [2014-01-03]
CHR Extension: (Accurate Ruler) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemefhlbiinkcopbapnfghcnjhlgceof [2014-01-03]
CHR Extension: (SpeakIt!) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2014-01-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-08-28]
CHR Extension: (Calculator) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppilpeehmlhboiknckikefgpdkpnhkgc [2014-01-24]
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Angry Birds) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-03]
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-03]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]
CHR Extension: (Poper Blocker) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2014-02-05]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03]
CHR Extension: (Adblock Plus) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-31]
CHR Extension: (Hotah) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfnjgpdehkocfilimigpgedggkneaacc [2014-02-05]
CHR Extension: (Strict Workflow) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-01-03]
CHR Extension: (Google-Suche) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03]
CHR Extension: (Google Kalender) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-03]
CHR Extension: (Polycraft) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2014-02-05]
CHR Extension: (Planetarium) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-01-03]
CHR Extension: (Google Kalender (von Google)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-02-25]
CHR Extension: (Timer) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2014-01-03]
CHR Extension: (The Old Reader) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhdpibondcndkgpoobpnndbbelpidhpk [2014-01-03]
CHR Extension: (Websteroids) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2014-05-04]
CHR Extension: (Murder Files) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-02-05]
CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-01-03]
CHR Extension: (Button Snip Dies! für eBay) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhaoojkpcgaobmnnphdpdokcgdiibblh [2014-08-31]
CHR Extension: (Any.do Extension) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-01-03]
CHR Extension: (Evernote Web) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-01-03]
CHR Extension: (Pocket) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]
CHR Extension: (Any.do) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2014-02-05]
CHR Extension: (Lineal zum Messen) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pemefhlbiinkcopbapnfghcnjhlgceof [2014-01-03]
CHR Extension: (SpeakIt!) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2014-01-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-01-03]
CHR Extension: (Google Mail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03]
CHR Extension: (Calculator - Rechner) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppilpeehmlhboiknckikefgpdkpnhkgc [2014-02-05]
CHR HKLM\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\ProgramData\Websteroids\Chrome\common.crx [2014-05-04]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx [2014-05-04]
CHR StartMenuInternet: Google Chrome - C:\Users\Andreas\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [303184 2009-09-03] (DigitalPersona, Inc.)
R2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-06-03] (McAfee, Inc.)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-08-17] (Hewlett-Packard Ltd)
S3 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-10] (Hewlett-Packard) [File not signed]
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [95800 2009-08-20] (Hewlett-Packard)
S3 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-08-26] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [96312 2009-08-20] (Hewlett-Packard)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277024 2009-08-13] (McAfee, Inc.)
R2 HPFSService; c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [293376 2009-07-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC) [File not signed]
S2 ksupmgr; C:\Windows\system32\ksupmgr.exe [765592 2010-08-25] (Salfeld Computer)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [144704 2009-06-03] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SbieSvc; C:\Users\Andreas\SYSTEMprogramme\SbieSvc.exe [72976 2011-11-23] (SANDBOXIE L.T.D)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0879317fde6173f1\STacSV.exe [221266 2009-08-05] (IDT, Inc.)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 myAgtSvc; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" /ServiceStart [X]
S2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [74240 2013-04-23] (LG Electronics Inc.)
S1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-05-22] (AVG Technologies) [File not signed]
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-08-17] (Hewlett-Packard Development Company L.P.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
R3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [48128 2009-09-05] (REDC)
R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [40016 2009-08-13] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [110448 2009-08-13] () [File not signed]
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51728 2009-08-13] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [13184 2009-08-13] (McAfee, Inc.)
R3 SbieDrv; C:\Users\Andreas\SYSTEMprogramme\SbieDrv.sys [131856 2011-11-23] (SANDBOXIE L.T.D)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 16:23 - 2014-10-14 16:25 - 00045254 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-10-14 16:21 - 2014-10-14 16:21 - 01101824 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-10-14 15:48 - 2014-10-14 13:43 - 01705698 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT_NEW.exe
2014-10-14 15:15 - 2014-10-14 15:15 - 00000960 _____ () C:\Users\Andreas\Desktop\remove.txt
2014-10-14 14:16 - 2014-10-14 14:16 - 00263762 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-10-13 17:36 - 2014-10-13 17:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-10-13 07:06 - 2014-10-14 16:11 - 00004445 _____ () C:\Windows\system32\cchservice.err
2014-09-24 13:31 - 2014-09-24 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-09-24 13:30 - 2014-09-24 13:30 - 00000000 ____D () C:\Program Files\Evernote
2014-09-17 21:22 - 2014-09-17 21:23 - 00000914 _____ () C:\Users\Andreas\Desktop\My Documents.lnk
2014-09-17 21:22 - 2014-09-17 21:22 - 00001260 _____ () C:\Users\Andreas\Desktop\PC.lnk
2014-09-15 09:50 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 09:50 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 09:50 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-15 09:50 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 09:50 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 09:50 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 09:50 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-15 09:50 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 09:50 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 09:50 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-15 09:50 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-15 09:50 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-15 09:50 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 09:50 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-15 09:50 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 09:50 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 09:50 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 09:50 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 09:50 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 09:50 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 09:50 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 09:50 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-15 09:50 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 09:49 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 09:49 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 09:49 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 09:49 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 09:49 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 09:49 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 09:49 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 16:23 - 2014-04-23 21:23 - 00000000 ____D () C:\FRST
2014-10-14 16:19 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 16:19 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 16:18 - 2009-10-01 03:18 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-14 16:16 - 2012-10-22 23:35 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Ditto
2014-10-14 16:16 - 2012-04-15 19:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-14 16:15 - 2012-04-11 08:21 - 00000056 _____ () C:\Windows\system32\excltmp~.dat
2014-10-14 16:15 - 2010-10-13 22:23 - 01974571 _____ () C:\Windows\WindowsUpdate.log
2014-10-14 16:14 - 2012-01-20 18:35 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-14 16:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 16:11 - 2009-07-14 06:39 - 00424878 _____ () C:\Windows\setupact.log
2014-10-14 15:44 - 2012-01-20 18:35 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 15:28 - 2011-11-16 03:47 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA.job
2014-10-14 15:08 - 2011-10-01 03:35 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA.job
2014-10-14 14:31 - 2013-08-25 23:02 - 00000000 ____D () C:\Windows\system32\wdrv
2014-10-14 14:31 - 2011-10-01 13:52 - 00000261 _____ () C:\NET.INI
2014-10-14 14:31 - 2011-10-01 13:52 - 00000000 ___HD () C:\Program Files\Common Files\System Shared
2014-10-13 22:43 - 2011-11-29 21:13 - 00004846 _____ () C:\Windows\Sandboxie.ini
2014-10-13 22:08 - 2011-10-01 03:35 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core.job
2014-10-13 16:28 - 2011-11-16 03:47 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core.job
2014-10-13 15:38 - 2012-12-21 08:19 - 00000000 ____D () C:\Program Files\Motorola
2014-10-13 15:33 - 2011-09-26 20:59 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-10-13 15:29 - 2009-10-01 03:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-13 09:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-13 09:13 - 2012-12-21 08:51 - 00000000 ____D () C:\Temp
2014-10-13 07:06 - 2013-09-17 18:54 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2014-10-13 07:06 - 2013-02-14 13:28 - 00000000 ___HD () C:\ProgramData\Device
2014-10-09 10:42 - 2013-02-13 13:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-30 22:15 - 2012-09-08 17:37 - 00158652 _____ () C:\Users\Andreas\Desktop\Database2012-09.kdb.kdb
2014-09-27 09:10 - 2013-01-22 18:30 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-09-27 09:10 - 2013-01-22 18:30 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-09-24 15:16 - 2012-04-15 19:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 15:16 - 2011-10-01 03:50 - 00071344 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-23 12:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-17 21:27 - 2013-02-20 01:29 - 00000000 ____D () C:\Users\Andreas\Desktop\BACKUP Saver 2014-09-15 10:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-15 09:52 - 2009-10-01 03:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-15 09:49 - 2013-07-29 08:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-15 09:06 - 2011-09-12 10:25 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-15 08:53 - 2011-11-14 23:57 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Andreas\AppData\Local\Temp\proxy_util_w32.dll C:\Users\Andreas\AppData\Local\Temp\setup{A5AA80DC-A9D4-4792-BF4A-DFDDD5824B73}.exe C:\Users\Andreas\AppData\Local\Temp\setup{ABBCEE9C-C215-428A-9CAF-74DFD0612D02}.exe C:\Users\Monika\AppData\Local\Temp\fqqsc5od.dll C:\Users\Monika\AppData\Local\Temp\rt507gxw.dll C:\Users\Mr.Backup\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Mr.Backup\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\TEST\AppData\Local\Temp\o6hw5iub.dll C:\Users\TEST\AppData\Local\Temp\rmmwricn.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-10 09:41 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01 Ran by Andreas at 2014-10-14 16:26:15 Running from C:\Users\Andreas\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 1.36 (HKLM\...\etope Lister_is1) (Version: - Freshworx GmbH & Co.KG) 2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) AbiWord 2.8.4 (HKLM\...\AbiWord2) (Version: 2.8.4 - AbiSource Developers) ActivClient x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity) ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated) Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AM-DeadLink 4.6 (HKLM\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com) Analog Clock (HKCU\...\Analog Clock) (Version: - Opera widgets) Apple Application Support 
(HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{506C2F0A-2C04-BDA8-8B90-0A3DF65ED67E}) (Version: 3.0.732.0 - ATI Technologies, Inc.) AudibleManager (HKLM\...\AudibleManager) (Version: 1995397856.48.56.3607922 - Audible, Inc.) Auktionatrix - der schnelle Weg zu eBay (HKLM\...\{02E8DF80-DFB9-4C56-8CB9-AFA1CE97AF9C}) (Version: 4.11.10.0 - Z-Dev) BackRex Internet Explorer Backup (HKLM\...\BackRex Internet Explorer Backup) (Version: 2.8 - BackRex Software) BayDesigner - Deinstallation (HKLM\...\BayDesigner_is1) (Version: 1.35 - Mathias Gerlach [aborange.de]) BayWatcher Pro - Deinstallation (HKLM\...\BayWatcher_is1) (Version: 8.05 - Mathias Gerlach & Jochen Milchsack [aborange.de]) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.30.21.0 - Broadcom Corporation) Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version: - ) Cartoonist 1.3 (HKLM\...\Cartoonist_is1) (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0909.1747.30091 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0909.1747.30091 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0909.1747.30091 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0909.1747.30091 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0909.1747.30091 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (Version: 2009.0909.1747.30091 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Czech (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Danish (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Dutch (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help English (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Finnish (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help French (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help German (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Greek (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Hungarian (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Italian (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Japanese (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Korean (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Norwegian (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Polish (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Portuguese (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Russian (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Spanish (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Swedish (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Thai (Version: 2009.0909.1746.30091 - ATI) Hidden CCC Help Turkish (Version: 2009.0909.1746.30091 - ATI) Hidden ccc-core-static (Version: 2009.0909.1747.30091 - ATI) Hidden ccc-utility (Version: 2009.0909.1747.30091 - ATI) Hidden CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev) Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.1 - Hewlett-Packard) DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden Ditto (HKLM\...\Ditto_is1) (Version: - Scott 
Brogden) doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland) Drive Encryption (HKLM\...\{77ECDC11-EC6B-4027-AD94-60E839F256FB}) (Version: 5.0.1.2 - Hewlett-Packard) Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.) eDocPrintPro (HKLM\...\eDocPrintPro) (Version: - ) Elastic Soccer v1.0 (HKLM\...\{0FB9C428-F598-49FF-9C90-B1821FF90486}_is1) (Version: - Nowstat.com) EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation) EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Evernote v. 5.6.4 (HKLM\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.) Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff) Faxdrucker (HKLM\...\{44FEE3D0-362E-4439-A976-51825DDAC61F}) (Version: 0.1 - simple-fax.de) File Sanitizer For HP ProtectTools (HKLM\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.0.7 - Hewlett-Packard) FileParade bundle uninstaller (HKLM\...\FileParade bundle uninstaller) (Version: 1.0.0.0 - FileParade) <==== ATTENTION FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project) Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft) FreeCommander 2009.02b (HKLM\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski) FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) German - with < > | (HKLM\...\{724D0DBA-3F2F-4AE2-B16C-DAAB7FCB7F49}) (Version: 1.0.3.40 - HP) Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard) HP Advisor (HKLM\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9212.3114 - Hewlett-Packard) HP Common Access Service Library (HKLM\...\{AFCFBA3D-D2EB-4F44-A7F6-5384CE5090DA}) (Version: 3.0.31.1 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM\...\{511376F5-7E5A-4EC9-B603-193B1D425BC3}) (Version: 1.0.1.1 - Hewlett-Packard) HP Power Assistant (HKLM\...\{B07A6D31-EDE9-415A-9278-07400F7FCCD5}) (Version: 1.0.0.31 - Hewlett-Packard) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.00.516 - Hewlett-Packard) HP ProtectTools Security Manager (Version: 5.00.516 - Hewlett-Packard) Hidden HP QuickLook (HKLM\...\{6B11BCAC-CE60-418E-A0BD-F773EC1194E5}) (Version: 3.0.0.19 - Hewlett-Packard) HP QuickWeb (HKLM\...\{7861911B-4270-498A-8F7A-FCF0570F4800}) (Version: 1.0.1.32 - DeviceVM, Inc.) 
HP Setup (HKLM\...\{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}) (Version: 1.2.3215.3078 - Hewlett-Packard) HP Software Setup (HKLM\...\{C66A15C3-1435-49AA-9F20-F854E2E91A6C}) (Version: 6.0.1.7 - Hewlett-Packard) HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard) HP User Guides 0142 (HKLM\...\{10A11115-4EFC-4E86-BFC1-D53A478556A1}) (Version: 1.01.0001 - Hewlett-Packard) HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.11 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{3E497776-1FCB-4921-91DC-D26E7F636B62}) (Version: 4.0.0.31 - Hewlett-Packard) HPAsset component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden iCopy (HKLM\...\iCopy) (Version: 1.6.0 - Matteo Rossi) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6229.0 - IDT) Internet Updater (HKLM\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) 
Hidden Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard) Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.390 - Oracle) KeePass Password Safe 1.27 (HKLM\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl) Kindersicherung 2012 (HKLM\...\Kindersicherung_is1) (Version: - Salfeld Computer GmbH) Kolab E5 Client 2012-07-31-07-47 (HKLM\...\Kolab E5 Client) (Version: - ) L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version: - ) L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version: - ) Lame ACM MP3 Codec (HKLM\...\LameACM) (Version: - ) LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) Lauge 3.0.4.beta (HKLM\...\Lauge_is1) (Version: 3.0.4.beta - Waldemar Derr) Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version: - ) LesefixPRO (HKLM\...\{00DDD9E0-E95F-4470-8767-26B76164A315}) (Version: 8.00 - Dr. Michael Schlesier) LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics) LibreOffice 3.3 (HKLM\...\{1A97CF67-FEBB-436E-BD64-431FFEF72EB8}) (Version: 3.3.8 - LibreOffice) LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe) Linkman (HKLM\...\Linkman) (Version: 8.71 - Outertech) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) McAfee Virus and Spyware Protection Service (HKLM\...\MVS) (Version: 4.9.2.335 - McAfee, Inc.) 
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden 
Microsoft Office Outlook MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Russian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (Bulgarian) 2007 (Version: 12.0.4518.1042 - Microsoft Corporation) Hidden Microsoft 
Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (Latvian) 2007 (Version: 12.0.4518.1045 - Microsoft Corporation) Hidden Microsoft Office Proofing (Lithuanian) 2007 (Version: 12.0.4518.1048 - Microsoft Corporation) Hidden Microsoft Office Proofing (Romanian) 2007 (Version: 12.0.4518.1039 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (Latvian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation) Microsoft Office Word MUI (Bulgarian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (Latvian) 2007 (Version: 
12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (Lithuanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (Romanian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft RichCopy 4.0 (HKLM\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mindomo Desktop (HKLM\...\MindomoDesktop) (Version: 6.84 - Expert Software Applications Srl) Mindomo Desktop (Version: 6.84 - Expert Software Applications Srl) Hidden mobilant.de Client (HKLM\...\mobilant) (Version: 1.0 - F.J. 
Wechselberger) Mobile Master (Version: 7.9.14 - Jumping Bytes) Hidden Mobile Master 7.9.14 (HKLM\...\Mobile Master) (Version: 7.9.14 - Jumping Bytes) MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility) Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC) MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MuseScore 1.1 MuseScore score typesetter (HKLM\...\MuseScore) (Version: 1.1.0 - Werner Schweer and Others) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. 
Wechselberger) Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia Maps 3D browser plugin for Internet Explorer (5.7.1.0) (HKCU\...\Nokia Maps 3D browser plugin for Internet Explorer) (Version: 5.7.1.0 - Nokia) Open Last Closed Tab - Internet Explorer Extension (HKLM\...\OpenLastClosedTab) (Version: 4.1.0.0 - MuvEnum) Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA) PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd) PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.213.1 - Tracker Software Products Ltd) PhotoScape (HKLM\...\PhotoScape) (Version: - ) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Pre-Boot Security for HP ProtectTools (Version: 5.0.6.1 - Hewlett-Packard) Hidden PreisHai 4.2 (HKLM\...\PreisHai_is1) (Version: - Elmar Denkmann) Privacy Manager for HP ProtectTools (HKLM\...\{2F77F045-8B4E-40B7-8130-56076F85C38E}) (Version: 5.00.712 - Hewlett-Packard) PureSync (Version: 3.7.2 - Jumping Bytes) Hidden PureSync 3.7.2 (HKLM\...\PureSync) (Version: 3.7.2 - Jumping Bytes) QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) 
RealSpeak Solo fur Deutsch - Steffi (HKLM\...\{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}) (Version: 4.00.0000 - ScanSoft) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.12.00.05 - RICOH) Roxio Activation Module (Version: 1.0 - Roxio) Hidden Roxio Creator Audio (Version: 3.8.0 - Roxio) Hidden Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Roxio Creator Business v10 (Version: 3.8.0 - Roxio) Hidden Roxio Creator Copy (Version: 3.8.0 - Roxio) Hidden Roxio Creator Data (Version: 3.8.0 - Roxio) Hidden Roxio Creator Tools (Version: 3.8.0 - Roxio) Hidden Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden Roxio MyDVD (Version: 10.3.349 - Roxio) Hidden Sandboxie 3.62 (32-bit) (HKLM\...\Sandboxie) (Version: 3.62 - SANDBOXIE L.T.D) Seesu (HKCU\...\Seesu) (Version: - Gleb Arestov) Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software) simple-fax.de Version 1 (HKLM\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden SpeedCommander 11 (HKLM\...\SpeedCommander 11) (Version: 11 - SpeedProject) SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) StarMoney (Version: 2.0 - StarFinanz) Hidden StarMoney (Version: 3.0.1.31 - StarFinanz) Hidden StarMoney (Version: 4.0.1.51 - StarFinanz) Hidden StarMoney 7.0 (HKLM\...\{3A116B91-77B5-463A-8B77-6FBDE5BAA661}) (Version: 7.0 - Star Finanz GmbH) StarMoney 8.0 (HKLM\...\{6A75F8FA-3A8C-4A11-8628-43ADC5332BEF}) (Version: 8.0 - Star Finanz GmbH) StarMoney 9.0 (HKLM\...\{CC4F180B-8D7D-44E1-A061-A1B6DDD653CC}) (Version: 9.0 - Star Finanz GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated) SyncBack (HKLM\...\SyncBack_is1) (Version: - 2BrightSparks) Synkron 1.6.2 (HKLM\...\Tomlein.Synkron_is1) (Version: 1.6.2 - Matúš Tomlein) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.15 - Hewlett-Packard) Theft Recovery (Version: 5.1.0.15 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition 
(HKLM\...\{90120000-001A-0402-0000-0000000FF1CE}_PROHYBRIDR_{F8AE4EBB-CCF5-45FB-B527-E88B4DC37278}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0418-0000-0000000FF1CE}_PROHYBRIDR_{2CD437DF-B0CD-43D2-A344-07C9FAC961F4}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0426-0000-0000000FF1CE}_PROHYBRIDR_{64057C60-03F0-4E29-B2E2-DCB6A1886F33}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0427-0000-0000000FF1CE}_PROHYBRIDR_{CC873AD1-9842-4A46-AF2A-3ED0F3F1452C}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft) Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0 - McAfee Inc.) 
Hidden VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) WEB.DE Online-Speicher 1.3.1234.0 (HKCU\...\WEB.DE Application {sync-000021}) (Version: 1.3.1234.0 - 1&1 Mail & Media GmbH) WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH) WEB.DE Toolbar für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH) Websteroids (HKLM\...\Websteroids) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION Windows 7 Default Setting (HKLM\...\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}) (Version: 1.0.0.8 - Hewlett-Packard) Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. ) Wuala (HKCU\...\Wuala) (Version: 1.0.411.0 - LaCie) Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{3117CB95-EAC5-4C8E-8647-429A6BA4E914}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Nokia\OviMapsPlugIn\PlugIns\5.7.1.0\npNMapNPR.dll (Nokia gate5 GmbH) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Chrome\Application\32.0.1700.76\delegate_execute.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{CAC6785B-655E-4AE1-A656-BDEFD18DC46C}\InprocServer32 -> C:\Program Files\ScanSoft\RealSpeakSolov4\speech\components\common\rs_sapi5_solo.dll (ScanSoft, Inc) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomCtl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\COMDLG32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1624768357-4126066135-592724133-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1C2D18F9-AA3F-4BCA-B98C-6BCA255BDB40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.) Task: {2EE8AA8D-D206-4C3A-ABC4-3C81FDD16626} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.) 
Task: {45ADE483-6146-40DB-8021-6C3D5E21A998} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH) Task: {46FC6A6B-8F1A-4DB8-A041-32D5110D4F83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.) Task: {5625CBF6-57FE-4D98-9CD1-BA4CD8A511ED} - System32\Tasks\OperaBookmarks => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Operasave11.exe [2013-08-20] () Task: {592BC37C-F4D1-4579-A987-FBB5506CE04A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.) Task: {6CEC5E53-6AB2-41FC-A3D5-B65C1CBF011F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {6EBE3D25-1606-429C-A4C0-D06AF8E76A10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.) 
Task: {74A3E3A2-C334-4AF1-8189-8684FAD401B5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {95A1B0B2-E0F7-42D9-B7C8-B91A7C275888} - System32\Tasks\Firesave => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Firesave11.exe [2013-08-20] () Task: {B5361521-D7CF-4099-B24D-2F3D232EBEFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {C01C8BE0-BD5C-44D8-97E3-70915D71CAA5} - System32\Tasks\{9813CE5C-8F35-4835-AC86-B55B5816A9BD} => Firefox.exe Task: {E58361F0-3D6E-48F2-913E-E9337A15D1C0} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-10] (Hewlett-Packard) Task: {EF570923-0D65-4B54-B77C-75D729D87533} - System32\Tasks\thundersave => C:\Users\Andreas\Documents\Eigene Daten T30 -PC\PC\Backups\Thundersave11.exe [2013-08-20] () Task: {F2E7D8D1-09FE-4DFC-8CE5-6BDCFD272684} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002Core.job => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1002UA.job => C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003Core.job => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624768357-4126066135-592724133-1003UA.job => C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-08-17 21:26 - 2009-08-17 21:26 - 00300600 _____ () C:\Windows\system32\flcdlmsg.dll 2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2009-08-20 22:15 - 2009-08-20 22:15 - 00051768 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll 2009-08-20 22:15 - 2009-08-20 22:15 - 00051256 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll 2009-08-13 00:16 - 2009-08-13 00:16 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2009-08-13 00:15 - 2009-08-13 00:15 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll 2009-08-13 00:15 - 2009-08-13 00:15 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll 2009-08-13 00:15 - 2009-08-13 00:15 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll 
2009-08-13 00:15 - 2009-08-13 00:15 - 00018944 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2009-08-13 00:15 - 2009-08-13 00:15 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll 2009-08-13 00:15 - 2009-08-13 00:15 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll 2009-08-13 00:15 - 2009-08-13 00:15 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll 2012-10-22 23:34 - 2012-01-03 20:00 - 01350144 _____ () C:\Program Files\Ditto\Ditto.exe 2012-10-22 23:34 - 2012-01-03 19:59 - 00008192 _____ () C:\Program Files\Ditto\focus.dll 2014-08-26 16:47 - 2014-08-26 16:47 - 00436576 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll 2014-08-26 16:47 - 2014-08-26 16:47 - 00318304 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll 2009-06-11 01:30 - 2009-06-11 01:30 - 00098304 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-10-13 22:23 - 2010-10-13 22:23 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-07-12 17:25 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ksupmgr => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Google Update => "C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: McAfee Managed Services Tray => C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized ========================= Accounts: ========================== Administrator (S-1-5-21-1624768357-4126066135-592724133-500 - Administrator - Disabled) Andreas (S-1-5-21-1624768357-4126066135-592724133-1002 - Administrator - Enabled) => C:\Users\Andreas Guest (S-1-5-21-1624768357-4126066135-592724133-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1624768357-4126066135-592724133-1007 - Limited - Enabled) McAfeeMVSUser (S-1-5-21-1624768357-4126066135-592724133-1000 - Limited - Enabled) Mona (S-1-5-21-1624768357-4126066135-592724133-1009 - Limited - Enabled) => C:\Users\Mona Monika (S-1-5-21-1624768357-4126066135-592724133-1004 - Limited - Enabled) => C:\Users\Monika TEST 
(S-1-5-21-1624768357-4126066135-592724133-1010 - Administrator - Enabled) => C:\Users\TEST ==================== Faulty Device Manager Devices ============= Name: avgtp Description: avgtp Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: avgtp Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/13/2014 07:24:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0xfc4 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (10/13/2014 05:30:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x17ac Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (10/13/2014 04:08:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 
plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x177c Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (10/13/2014 03:35:07 PM) (Source: MsiInstaller) (EventID: 11904) (User: Andreas-PC) Description: Product: Motorola Device Software Update -- Error 1904. Module C:\Program Files\Common Files\MSSoap\Binaries\MSSOAP30.dll failed to register. HRESULT -1073741502. Contact your support personnel. Error: (10/13/2014 03:28:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FreeCommander.exe, version: 2009.2.0.417, time stamp: 0x4c8d0097 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c Exception code: 0xc0000028 Fault offset: 0x00090629 Faulting process id: 0x2e60 Faulting application start time: 0xFreeCommander.exe0 Faulting application path: FreeCommander.exe1 Faulting module path: FreeCommander.exe2 Report Id: FreeCommander.exe3 Error: (10/13/2014 03:26:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x2b2c Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (10/13/2014 02:54:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233 Faulting module name: mozalloc.dll, 
version: 30.0.0.5269, time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x2c7c Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (10/13/2014 02:21:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x223c Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (10/13/2014 01:02:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x1118 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (10/13/2014 11:45:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233 Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x23c8 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 System errors: ============= Error: (10/14/2014 04:12:23 PM) (Source: Service 
Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: avgtp Error: (10/14/2014 04:11:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The vToolbarUpdater15.2.0 service failed to start due to the following error: %%2 Error: (10/14/2014 04:11:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Virus and Spyware Protection Service service failed to start due to the following error: %%2 Error: (10/14/2014 04:11:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UAC File Virtualization service failed to start due to the following error: %%2 Error: (10/14/2014 04:11:01 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (10/14/2014 04:11:01 PM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (10/14/2014 03:55:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: avgtp Error: (10/14/2014 03:55:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The vToolbarUpdater15.2.0 service failed to start due to the following error: %%2 Error: (10/14/2014 03:55:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Virus and Spyware Protection Service service failed to start due to the following error: %%2 Error: (10/14/2014 03:54:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UAC File Virtualization service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-10-14 15:27:49.623 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set 
of per-page image hashes could not be found on the system. Date: 2014-10-14 15:16:11.184 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-10-14 14:52:07.909 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-10-13 19:57:35.105 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-10-13 19:48:57.503 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-10-13 19:29:50.416 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-10-13 14:51:34.855 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-10-13 14:34:17.233 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-10-13 13:14:46.731 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-10-13 12:50:30.598 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wdrvtd32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II Dual-Core M340
Percentage of memory in use: 53%
Total physical RAM: 2812.7 MB
Available physical RAM: 1295.43 MB
Total Pagefile: 5623.7 MB
Available Pagefile: 3820.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.34 MB
==================== Drives ================================
Drive c: (WIN7_C) (Fixed) (Total:280.79 GB) (Free:91.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.37 GB) FAT32
Drive f: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B8DEA2D4)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=83)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================

Working is veeery limited, since the plugin container crashes about every 30 minutes without any warning, so constant browser restarts... Is a fix possible, or better to redo everything from scratch right away? Regards, AWK |
15.10.2014, 12:02 | #8 |
/// the machine /// TB trainer | Friend Checker, Conduit Search, strange browser behaviour
You need half a year to get back in touch? Apparently the problem can't be that annoying. Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |