Log analysis and evaluation: Windows 7: Web pages are redirected to advertising and new ones are created automatically

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.05.2014, 19:23 | #1 |
Hello,

In IE, advertising pages keep being opened (e.g. BigFarm, ImperiaOnline...). Normal work is hardly possible.

Thank you very much for your support.

Regards,
Thomas

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014 Ran by Familie Hüneke (administrator) on WOHNZIMMER on 15-05-2014 19:40:16 Running from E:\ Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (COMPANYVERS_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (LaCrosse Technology) C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Updater) C:\ProgramData\Updater\updater.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Dropbox, Inc.) 
C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\Dropbox.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-29] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [VideoWebCamera] => C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1545568 2010-05-26] (Suyin) HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [486264 2013-12-19] (Updater) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) 
HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [ICQ] => ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [486264 2013-12-19] (Updater) HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] () HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung) HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) AppInit_DLLs: c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4074824 2013-12-28] () AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [4009288 2013-10-29] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=117116&tt=4312_1&babsrc=HP_ss&mntrId=f85b6aec0000000000001c659d69f9d3 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={E7DA0208-203C-11E2-92E2-1C750800B7DB} SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = 
hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=2271&ptb=28EE3716-08E7-4B51-98E5-C48C4EEA4509&psa=&ind=2012092909&st=sb&n=77ee19ed&searchfor={searchTerms} SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={E7DA0208-203C-11E2-92E2-1C750800B7DB} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&q={searchTerms}&SSPV= SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&q={searchTerms}&SSPV= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0BA6F57F-AF92-491C-8675-A55E84FF3BE3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=a02c8609-cea3-4a4c-9069-8862b8756f9d&apn_sauid=EEB0CF73-5FA3-47A7-9DF8-05A17341F48A SearchScopes: HKCU - {0D7434EF-A769-4488-A0F2-E8D3F8F72EE5} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=117116&tt=4312_1&babsrc=SP_ss&mntrId=f85b6aec0000000000001c659d69f9d3 SearchScopes: HKCU - {27E7BFC7-6CA4-4CF3-AD05-1C40D7D1E3F7} URL = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=597 SearchScopes: HKCU - {3AAFA65F-3D8E-487E-8014-5A8CD9BBEBDF} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - 
{5C4BB07E-4E95-450C-B02F-2F41FAC4B482} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {8E32ED50-5AD1-45C8-A8B9-B6DD94042D58} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=2271&ptb=28EE3716-08E7-4B51-98E5-C48C4EEA4509&psa=&ind=2012092909&st=sb&n=77ee19ed&searchfor={searchTerms} SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={E7DA0208-203C-11E2-92E2-1C750800B7DB} SearchScopes: HKCU - {F596839C-A855-440B-9ACA-71C401DEA93D} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: PPTCheckEr - {3BC49F3A-4932-1B46-8C91-F5E27B8931DD} - C:\ProgramData\PPTCheckEr\p2tq9jcq.x64.dll () BHO: deal4Real - {79126CB1-1C27-7666-4DE5-D5F1AE484005} - C:\ProgramData\deal4Real\WiO2nZOb.x64.dll () BHO: LuckyyShoopperr - {A4F646B3-3920-98D8-E4DC-F0749868EF63} - C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.x64.dll () BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: deeaLSter - {C7D865E9-6FB7-AA61-97FD-4DAE53EE8126} - C:\ProgramData\deeaLSter\9wOvGBaNBd.x64.dll () BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO: webSavver - {F3EBFEB9-6F22-9717-3407-AE199EDA8101} - C:\ProgramData\webSavver\7QyNLzCFV.x64.dll () BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: iSkysoft iTube Studio - {0F789748-F853-4734-A187-A096F05306E5} - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.) BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll No File BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: PPTCheckEr - {3BC49F3A-4932-1B46-8C91-F5E27B8931DD} - C:\ProgramData\PPTCheckEr\p2tq9jcq.dll () BHO-x32: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: deal4Real - {79126CB1-1C27-7666-4DE5-D5F1AE484005} - C:\ProgramData\deal4Real\WiO2nZOb.dll () BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: LuckyyShoopperr - {A4F646B3-3920-98D8-E4DC-F0749868EF63} - C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.dll () BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL 
(Microsoft Corporation) BHO-x32: deeaLSter - {C7D865E9-6FB7-AA61-97FD-4DAE53EE8126} - C:\ProgramData\deeaLSter\9wOvGBaNBd.dll () BHO-x32: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com) BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) BHO-x32: webSavver - {F3EBFEB9-6F22-9717-3407-AE199EDA8101} - C:\ProgramData\webSavver\7QyNLzCFV.dll () BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark) Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com) Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll No File Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: haufereader - No CLSID Value - Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler-x32: haufereader - No CLSID Value - Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program 
Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 74.208.10.249 gs.apple.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default FF user.js: detected! => C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js FF DefaultSearchEngine: Conduit Search FF SearchEngineOrder.1: Search the web (Babylon) FF SelectedSearchEngine: Conduit Search FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\sweetim.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\videomngr.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program 
Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: webSavver - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\3coxb35@sh-.org [2014-01-29] FF Extension: deeaLSter - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\fehraooy@sj-.edu [2014-02-14] FF Extension: FreeHDSport.TV - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\freehdsport@freehdsport.tv [2012-12-28] FF Extension: GoPhotoIt - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\gophoto@gophoto.it [2013-08-16] FF Extension: PPTCheckEr - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\iauaaio@iuya.net [2014-02-05] FF Extension: deal4Real - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\nwyh6eiae@uoeoucz-.co.uk [2014-01-29] FF Extension: BBetterPriceChec - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\ooy1efsw@cooyuouwm.org [2014-03-18] FF Extension: Yontoo - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\plugin@yontoo.com [2012-10-04] FF Extension: No Name - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\staged [2013-02-22] FF Extension: Websteroids - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\support@websteroidsapp.com [2013-12-28] FF Extension: Winamp Toolbar - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2013-04-04] FF Extension: Flashblock - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-19] FF Extension: ICQ Toolbar - C:\Users\Familie 
Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-08-22]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-12-29]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2013-01-08]
FF Extension: FreeHDSport.TV - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\freehdsport@freehdsport.tv.xpi [2012-10-27]
FF Extension: GoPhotoIt - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\gophoto@gophoto.it.xpi [2013-02-01]
FF Extension: Yontoo - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\plugin@yontoo.com.xpi [2013-02-22]
FF Extension: WEB.DE MailCheck - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\toolbar@web.de.xpi [2011-12-28]
FF Extension: YouTube to MP3 - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\youtube2mp3@mondayx.de.xpi [2012-03-17]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-17]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-10-27]
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF Extension: TelevisionFanatic - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2012-09-29]
FF HKLM-x32\...\Firefox\Extensions: [{7F737E3E-993D-43AB-9109-90C4E82752CC}] - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\
FF Extension: iSkysoft iTube Studio - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [{7F737E3E-993D-43AB-9109-90C4E82752CC}] - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\
FF Extension: iSkysoft iTube Studio - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ []

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&SSPV=
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&q={searchTerms}&SSPV=
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Ask Toolbar) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaplmcbjhigpfkmaffahlojgchbgfk [2013-08-10]
CHR Extension: (iSkysoft iTube Studio) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afapmikcgbhfkecdhiokcgledjcpfbfd [2013-10-08]
CHR Extension: (FreeHDSport.TV) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok [2013-08-10]
CHR Extension: (BBetterPriceChec) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaioaiklojlgnkabahipckfkoajbmako [2014-03-18]
CHR Extension: (deal4Real) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\elklmgblhlhcjeildfhdbpgkkkfijfcj [2014-01-29]
CHR Extension: (Websteroids) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2013-12-28]
CHR Extension: (deeaLSter) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaonmipmkibfeihebmdoekopdimendbo [2014-02-14]
CHR Extension: (SweetIM for Facebook) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2013-08-10]
CHR Extension: (Yontoo) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2013-08-10]
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2013-08-10]
CHR Extension: (GoPhoto.it) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-08-10]
CHR Extension: (webSavver) - C:\ProgramData\ghonjeljkjgdkabddkchmhmmeipcnhip [2014-01-29]
CHR HKLM-x32\...\Chrome\Extension: [aaaaplmcbjhigpfkmaffahlojgchbgfk] - C:\Users\Familie Hüneke\AppData\Local\APN\GoogleCRXs\aaaaplmcbjhigpfkmaffahlojgchbgfk_7.16.0.0.crx [2012-07-06]
CHR HKLM-x32\...\Chrome\Extension: [afapmikcgbhfkecdhiokcgledjcpfbfd] - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRChromePlugin.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files (x86)\ATDheNetTVApp.com\stv11.crx [2012-10-27]
CHR HKLM-x32\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\ProgramData\Websteroids\Chrome\common.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-10-27]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2012-10-04]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-10-27]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2012-07-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [190616 2013-12-28] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)
R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [42504 2012-09-29] (COMPANYVERS_NAME)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WV5Communication; C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe [1843712 2011-01-18] (LaCrosse Technology)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [204568 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 klfbmhmg; \??\C:\Windows\system32\drivers\klfbmhmg.sys [X]
S1 pwluztou; \??\C:\Windows\system32\drivers\pwluztou.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-15 19:40 - 2014-05-15 19:40 - 00000000 ____D () C:\FRST
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 _____ () C:\Users\Familie Hüneke\defogger_reenable 2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieUserList 2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieSiteList 2014-05-08 15:56 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-08 15:56 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-08 15:56 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-08 15:56 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-07 11:25 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-07 11:25 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-07 11:25 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-07 11:25 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-07 11:24 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-07 11:24 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-07 11:24 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-07 11:24 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-07 11:24 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-07 11:24 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-07 11:24 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-07 11:24 - 2014-03-06 10:29 - 
00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-07 11:24 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-07 11:24 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-07 11:24 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-07 11:24 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-07 11:24 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-07 11:24 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-07 11:24 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-07 11:24 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-07 11:24 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-07 11:24 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-07 11:24 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-07 11:24 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-07 11:24 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-07 11:24 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-07 11:24 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-07 11:24 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-07 11:24 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-07 
11:24 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-07 11:24 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-07 11:24 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-07 11:24 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-07 11:24 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-07 11:24 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-07 11:24 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-07 11:24 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-07 11:24 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-07 11:24 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-07 11:24 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-07 11:24 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-07 11:24 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-07 11:24 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-07 11:24 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-07 11:23 - 2014-05-07 11:23 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 14:56 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 14:56 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and 
Folders ======= 2014-05-15 19:40 - 2014-05-15 19:40 - 00000000 ____D () C:\FRST 2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 _____ () C:\Users\Familie Hüneke\defogger_reenable 2014-05-15 19:33 - 2010-12-30 22:05 - 00000000 ____D () C:\Users\Familie Hüneke 2014-05-15 19:31 - 2010-10-26 00:11 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-05-15 19:31 - 2010-10-26 00:11 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-05-15 19:31 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-15 19:27 - 2011-02-06 22:47 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-15 19:18 - 2013-10-12 14:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-15 19:05 - 2013-08-17 16:59 - 01588510 _____ () C:\Windows\WindowsUpdate.log 2014-05-15 19:05 - 2010-12-30 16:15 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\Skype 2014-05-15 15:18 - 2013-10-12 14:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-15 15:18 - 2012-07-25 06:51 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-15 15:18 - 2011-08-26 21:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-15 14:57 - 2011-01-09 12:12 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\Dropbox 2014-05-12 16:49 - 2013-11-23 13:39 - 00014486 _____ () C:\Windows\setupact.log 2014-05-11 12:27 - 2011-02-06 22:47 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-10 08:57 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-10 08:57 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-10 08:51 - 2011-01-09 12:15 - 00000000 ___RD () C:\Users\Familie Hüneke\Dropbox 2014-05-10 08:48 - 2011-12-28 
12:02 - 00000441 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-10 08:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieUserList 2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieSiteList 2014-05-07 18:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-07 11:23 - 2014-05-07 11:23 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-05 10:25 - 2013-06-21 14:12 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\File Scout 2014-05-03 17:28 - 2011-01-17 08:36 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Local\CrashDumps 2014-04-29 16:01 - 2014-05-08 15:56 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-08 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-08 15:56 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-08 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-26 10:45 - 2013-07-30 19:56 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Local\Microsoft Help 2014-04-23 20:34 - 2013-12-15 09:52 - 00179618 _____ () C:\Windows\PFRO.log 2014-04-21 14:41 - 2013-07-30 19:56 - 00000000 ____D () C:\ProgramData\Microsoft Help Some content of TEMP: ==================== C:\Users\Familie Hüneke\AppData\Local\Temp\nsd27B.exe C:\Users\Familie Hüneke\AppData\Local\Temp\nsfBB47.exe C:\Users\Familie Hüneke\AppData\Local\Temp\nsj7AAA.exe C:\Users\Familie Hüneke\AppData\Local\Temp\nsjFDBA.exe C:\Users\Familie Hüneke\AppData\Local\Temp\nsoF502.exe C:\Users\Familie Hüneke\AppData\Local\Temp\nst6FA0.exe C:\Users\Familie Hüneke\AppData\Local\Temp\nst7607.exe C:\Users\Familie Hüneke\AppData\Local\Temp\setup{090AB543-B1BE-4CB3-811E-A7AF6E5E4984}.exe C:\Users\Familie 
Hüneke\AppData\Local\Temp\setup{2FB4C8D9-A030-46E7-898D-1C63DE7653EE}.exe
C:\Users\Familie Hüneke\AppData\Local\Temp\SPSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-22 12:45

==================== End Of Log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014
Ran by Familie Hüneke at 2014-05-15 19:42:04
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.)
Hidden AMD Catalyst Install Manager (HKLM\...\{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2011.1109.2212.39826 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.61109.2218 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2011.1109.2212.39826 - Ihr Firmenname) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATDheNetTVApp (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - ATDheNetTVApp.com) AVS Audio Converter version 6.3 (HKLM-x32\...\AVS Audio Converter 6.3_is1) (Version: - Online Media Technologies Ltd.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Babylon toolbar (HKLM-x32\...\BabylonToolbar) (Version: - BabylonToolbar) <==== ATTENTION Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) CDex extraction audio (HKLM-x32\...\CDex) (Version: - ) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden deal4Real (HKLM-x32\...\{2FA77785-00C3-A920-6452-D4FE5C9C129F}) (Version: - deal4reAla) deeaLSter (HKLM-x32\...\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}) (Version: - deAelstear) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Driver Whiz (HKLM-x32\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen) ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation) FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time) Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube to MP3 Converter version 3.10.17.221 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.10.17.221 - DVDVideoSoft Ltd.) 
freeTunes*3.0 (HKLM-x32\...\{447E3935-A085-42D4-0001-8BE5E4034B40}) (Version: 3.0.11.1100 - Engelmann Media GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG) Haufe iDesk-Service (HKLM-x32\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe) Heavy Weather Pro WS 2800 EU (HKLM-x32\...\Heavy Weather Pro WS 2800_is1) (Version: - LaCrosse Technology EU) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.) 
ICQ Toolbar (HKLM-x32\...\ICQToolbar) (Version: 3.0.0 - ICQ) ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.52 - Parallel Lines Development, LLC) <==== ATTENTION IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) iSkysoft iTube Studio(Build 3.5.0.0) (HKLM-x32\...\iSkysoft iTube Studio_is1) (Version: 3.5.0.0 - iSkysoft Software) iTube Player(Build 1.0.0) (HKLM-x32\...\iTube Player_is1) (Version: 1.0.0.6 - iSkySoft) iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden KVB-Erstattungsantrag PC 2.62 (HKLM-x32\...\KVB-Erstattungsantrag PC_is1) (Version: - KVB) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell) Lexware buchhalter 2011 (HKLM-x32\...\{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}) (Version: 16.30.00.0179 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (HKLM-x32\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. 
KG) Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG) Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version: - ) LuckyyShoopperr (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version: - LucikyShopppEuR) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - 
Microsoft Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Language Pack 2013 - German/Deutsch (HKLM-x32\...\Office15.OMUI.de-de) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office O MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4605.1003 - Microsoft Corporation) Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft 
Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft SharePoint Designer MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft X MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.) 
Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 9 Essentials (HKLM-x32\...\{a97f0ac6-e34b-400a-8ce4-c4a5ab45344e}) (Version: - Nero AG) Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.0.1 - CEWE COLOR AG u Co. 
OHG) Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - PC Utilities Software Limited) <==== ATTENTION Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Packard Bell Game Console (x32 Version: - WildTangent) Hidden Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent) Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell) Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell) Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell) Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell) Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0806.2010 - Packard Bell ) Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.) Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. 
Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden PPTCheckEr (HKLM-x32\...\{25AAE41B-C7A6-D04E-BABC-2D1B0D1DF4B0}) (Version: - PPTCCheckeR) QuickSteuer Deluxe 2011 (HKLM-x32\...\{6BCC7669-A863-4C24-804B-9C811C102F71}) (Version: 17.08.00.0005 - Haufe-Lexware GmbH & Co.KG) QuickSteuer DELUXE Wissens-Center 2011 (HKLM-x32\...\{0ABA2DC3-B67B-4D87-AB1B-EC5E9CDF24B3}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG) QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) Registry Mechanic 10.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 10.0 - PC Tools) Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Softonic toolbar on IE (HKLM-x32\...\Softonic) (Version: - Softonic) <==== ATTENTION Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION SweetPacks bundle uninstaller (HKLM-x32\...\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}) (Version: 1.0.0000 - SweetIM Technologies Ltd.) <==== ATTENTION TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer) TelevisionFanatic Toolbar (HKLM-x32\...\TelevisionFanaticbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (HKLM-x32\...\{90150000-0015-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{02DD2FBD-76D9-4B8B-AAE6-657542F4F6E6}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{7FBE2D23-9F3C-4983-B927-2A4BF600B7A7}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition 
(HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{885A0D95-13A8-4A31-B01C-B02454F414AA}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{49893259-C896-4972-9B6C-6B75790945F1}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{AFDC9BDD-5608-4A21-8066-13E2ACE1EDB4}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{65D789FD-9118-45AF-8DE4-F49F358A8525}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{65D789FD-9118-45AF-8DE4-F49F358A8525}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{B9DB28D9-15D0-4DDE-A123-C9B82AC9A579}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5EFADE14-CE0B-43BF-ADD2-850FCB79485F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{8E942418-D7DE-48A4-8210-AD994006EFAA}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{2D355F71-076A-42AD-8747-6132105441F4}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2825631) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{E458713D-E208-4098-A155-EA1152F9B301}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition 
(HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{08F8B8BC-97B5-4110-8FC1-A840DEAD0DF9}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.OMUI.de-de_{F75F8521-118D-4DE2-927F-073BE7B6DC7F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.OMUI.de-de_{E11A0DDD-9F6D-49C6-8F02-850D44DD7639}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.OMUI.de-de_{A1416C8A-2BA0-43D0-BCD5-C6C29D029327}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{954A0EA5-CCCB-4B4E-8664-40E2CC8BBCBB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition 
(HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{DA3F3D63-4C9F-407B-9CA1-39638F85BDDD}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2837627) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{CA8215E2-4E68-4BCA-BBEB-D4ED8140F037}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{67F8928F-664E-47A9-B283-3121D5F904CC}) (Version: - Microsoft) Update for Microsoft SharePoint Designer 2013 (KB2760212) 32-Bit Edition (HKLM-x32\...\{90150000-0017-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{0A912463-EBB9-495B-9148-7E61C3CCE21E}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft) Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008 - SweetIM Technologies Ltd.) 
Hidden <==== ATTENTION Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.37.3 - SuYin) VideoPerformer (HKLM-x32\...\VideoPerformer) (Version: - PerformerSoft LLC) <==== ATTENTION Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) webSavver (HKLM-x32\...\{5CDF2354-26AF-2DBC-1012-44FEDFCC75BB}) (Version: - webbsaver) Websteroids (HKLM-x32\...\Websteroids) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool 
(HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Restore Points ========================= 04-05-2014 18:26:17 Windows Update 07-05-2014 09:22:51 Windows Update 08-05-2014 13:55:02 Windows Update 12-05-2014 11:00:58 Windows Update 15-05-2014 13:29:03 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2011-01-21 17:59 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts 74.208.10.249 gs.apple.com ==================== Scheduled Tasks (whitelisted) ============= Task: {02CE0596-0D8E-4CD4-A71A-A33B4CA5F985} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION Task: {18371D80-FFEF-4B2D-8766-428BD923B58C} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {2E1BED31-6F6A-4452-A888-044413529C29} - System32\Tasks\{C9532825-33DF-4EBB-A112-CF0AE6245CDE} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {334101C6-A515-4A9A-B287-0E28F47840AD} - System32\Tasks\{A585D0CD-D5A6-43CA-8C84-02090770408A} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {39924203-1F9C-431F-8CC1-8EA3870D7843} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {5388A25B-F4C6-4671-94C5-218063408613} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06] (Google Inc.) 
Task: {628230B4-4F92-439B-BD14-E9158ED1E7B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-21] (Microsoft Corporation) Task: {637D3AD7-982C-4720-8014-BD969708C86E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6EB8F5C2-064A-4C86-98F1-267E66C0DAA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {8C1B1B86-7E8D-4CAF-8457-68ACF4EF89BC} - System32\Tasks\{216E5783-33D3-4C77-8664-027B09B78D88} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {8C68B635-0BE6-4965-8580-9E7CA1320FB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06] (Google Inc.) Task: {9A987540-AF09-4C53-A9A6-ED273912BC92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated) Task: {A4D91206-16CE-4E05-987D-1C617AB50BDA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation) Task: {A945B832-7DA3-4855-AFA5-A6F0257113A1} - System32\Tasks\{E897978D-6DC0-4956-951D-151F43D8A078} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {B738C61F-647E-452E-9583-91533C31098F} - System32\Tasks\{AC73A295-92A4-4FA3-BE92-B202B59847C1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) 
Task: {D8478F34-DD21-4EE1-8EA6-FF4F8D9F22A5} - System32\Tasks\{FEA11B8E-9F42-4F8B-BA84-202FFAAA0377} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {E36F5D64-880E-4938-8B88-EE74A893E350} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {E7DF0D8B-2245-46B5-B2E7-51F57DDD43A3} - System32\Tasks\{E324BA03-D051-4A74-AE4F-83D04C7FD0CD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar Task: {F060CED3-533A-4C31-A9B4-9458A0F867A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-21] (Microsoft Corporation) Task: {FED480DC-C243-4A45-81B5-81DC161106C7} - System32\Tasks\{E494D829-1907-4C42-BEEF-DC6945FD1694} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-28 15:28 - 2013-12-28 15:28 - 04074824 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll 2011-11-09 23:09 - 2011-11-09 23:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-03-21 18:37 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-07-30 19:25 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2012-01-25 19:40 - 2010-11-21 12:49 - 00247608 _____ () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe 2013-12-06 03:30 - 2013-12-06 03:30 - 00040448 _____ () 
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe 2013-10-08 19:47 - 2012-12-25 11:49 - 00938157 _____ () C:\Windows\SysWOW64\WPShellExt64.dll 2013-12-28 15:28 - 2013-10-29 15:08 - 04009288 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll 2013-12-28 15:28 - 2013-12-28 15:28 - 00190616 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll 2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll 2012-04-06 10:07 - 2009-08-27 20:04 - 00159744 _____ () C:\Program Files (x86)\HeavyWeatherWV5\sHID.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\libcef.dll 2010-10-25 14:28 - 2010-05-26 15:58 - 00046328 _____ () C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll 2010-10-25 14:28 - 2010-05-26 15:58 - 00038136 _____ () C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll 2014-02-02 21:19 - 2014-02-02 21:19 - 00422400 _____ () C:\ProgramData\PPTCheckEr\p2tq9jcq.dll 2014-01-29 18:01 - 2014-01-29 18:01 - 00428032 _____ () C:\ProgramData\deal4Real\WiO2nZOb.dll 2014-03-18 16:08 - 2014-03-18 16:08 - 00424960 _____ () C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.dll 2014-02-14 18:05 - 2014-02-14 18:05 - 00423936 _____ () C:\ProgramData\deeaLSter\9wOvGBaNBd.dll 2014-01-29 18:01 - 2014-01-29 18:01 - 00424960 _____ () C:\ProgramData\webSavver\7QyNLzCFV.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 ==================== Safe Mode (whitelisted) 
=================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe MSCONFIG\startupreg: msnmsgr => ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader => C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor => "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/15/2014 07:05:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204 Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00118f87 ID des fehlerhaften Prozesses: 0x415c Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (05/12/2014 06:41:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4268 Startzeit: 01cf6e00d266e4d8 Endzeit: 29 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 40eba174-d9f4-11e3-ad5e-1c750800b7db Error: (05/12/2014 06:39:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 3fcc Startzeit: 01cf6dffc0196a41 Endzeit: 54 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: ee79afc1-d9f3-11e3-ad5e-1c750800b7db Error: (05/12/2014 04:49:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6281942 Error: (05/12/2014 04:49:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6281942 Error: (05/12/2014 04:49:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/12/2014 04:49:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6280943 Error: (05/12/2014 04:49:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6280943 Error: (05/12/2014 04:49:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/12/2014 03:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5897 System errors: ============= Error: (05/15/2014 07:05:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. 
Error: (05/15/2014 07:05:39 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 02:57:12 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/12/2014 06:32:14 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/11/2014 03:37:14 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/11/2014 03:03:05 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/11/2014 11:03:01 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/10/2014 08:46:43 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.173.1556.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.5.0216.00 Quellpfad: 4.5.0216.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (05/08/2014 03:54:43 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/08/2014 03:54:43 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Microsoft Office Sessions: ========================= Error: (05/15/2014 07:05:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87415c01cf703d3ac0107bC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll271b470a-dc53-11e3-ad5e-1c750800b7db Error: (05/12/2014 06:41:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe25.0.1.5064426801cf6e00d266e4d829C:\Program Files (x86)\Mozilla Firefox\firefox.exe40eba174-d9f4-11e3-ad5e-1c750800b7db Error: (05/12/2014 06:39:34 PM) (Source: Application Hang) (EventID: 
1002) (User: )
Description: firefox.exe25.0.1.50643fcc01cf6dffc0196a4154C:\Program Files (x86)\Mozilla Firefox\firefox.exeee79afc1-d9f3-11e3-ad5e-1c750800b7db

Error: (05/12/2014 04:49:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6281942

Error: (05/12/2014 04:49:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6281942

Error: (05/12/2014 04:49:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/12/2014 04:49:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6280943

Error: (05/12/2014 04:49:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6280943

Error: (05/12/2014 04:49:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/12/2014 03:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5897

==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 4090.9 MB
Available physical RAM: 1563.97 MB
Total Pagefile: 8179.98 MB
Available Pagefile: 5167.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:452.66 GB) (Free:330.15 GB) NTFS
Drive e: (THOMISTICK) (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F324AF14)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

==================== End Of Log ============================

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-15 20:06:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\FAMILI~1\AppData\Local\Temp\pxtcauog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035ff000 45 bytes [00, 10, 04, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035ff02f 23 bytes [80, 00, 10, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076671465 2 bytes [67, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766714bb 2 bytes [67, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076671465 2 bytes [67, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766714bb 2 bytes [67, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[14680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076671465 2 bytes [67, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[14680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766714bb 2 bytes [67, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[23380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076671465 2 bytes [67, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[23380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766714bb 2 bytes [67, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[23128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076671465 2 bytes [67, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[23128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766714bb 2 bytes [67, 76]
.text ... * 2

---- Processes - GMER 2.1 ----

Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC0726B7-8222-4DF6-B88F-F697813E4F10}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [868](2014-05-15 13:36:17) 000007fefa640000
Process C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (*** suspicious ***) @ C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [2016](2013-12-06 01:30:04) 00000000013d0000
Library C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\Dropbox.exe [5368](2014-01-03 00:45:04) 0000000003d10000
Library C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\Dropbox.exe [5368](2013-10-18 23:55:02) 00000000618f0000
Library C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\Dropbox.exe [5368] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000005f370000
Library C:\ProgramData\PPTCheckEr\p2tq9jcq.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [5408](2014-02-02 19:1 00000000677e0000
Library C:\ProgramData\deal4Real\WiO2nZOb.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [5408](2014-01-29 16:01: 0000000067850000
Library C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [5408](2 0000000067660000
Library C:\ProgramData\deeaLSter\9wOvGBaNBd.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [5408](2014-02-14 16 00000000676d0000
Library C:\ProgramData\webSavver\7QyNLzCFV.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [5408](2014-01-29 16:0 00000000674f0000
Library C:\ProgramData\PPTCheckEr\p2tq9jcq.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [14680](2014-02-02 19 00000000677e0000
Library C:\ProgramData\deal4Real\WiO2nZOb.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [14680](2014-01-29 16:0 0000000067850000
Library C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [14680] 0000000067660000
Library C:\ProgramData\deeaLSter\9wOvGBaNBd.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [14680](2014-02-14 00000000676d0000
Library C:\ProgramData\webSavver\7QyNLzCFV.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [14680](2014-01-29 16 00000000674f0000
Library C:\ProgramData\PPTCheckEr\p2tq9jcq.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23380](2014-02-02 19 00000000677e0000
Library C:\ProgramData\deal4Real\WiO2nZOb.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23380](2014-01-29 16:0 0000000067850000
Library C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23380] 0000000067660000
Library C:\ProgramData\deeaLSter\9wOvGBaNBd.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23380](2014-02-14 00000000676d0000
Library C:\ProgramData\webSavver\7QyNLzCFV.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23380](2014-01-29 16 00000000674f0000
Library C:\ProgramData\PPTCheckEr\p2tq9jcq.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23128](2014-02-02 19 00000000677e0000
Library C:\ProgramData\deal4Real\WiO2nZOb.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23128](2014-01-29 16:0 0000000067850000
Library C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23128] 0000000067660000
Library C:\ProgramData\deeaLSter\9wOvGBaNBd.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23128](2014-02-14 00000000676d0000
Library C:\ProgramData\webSavver\7QyNLzCFV.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [23128](2014-01-29 16 00000000674f0000

---- EOF - GMER 2.1 ---- |
15.05.2014, 20:33 | #2 |
Rest in peace † 2019 |
I am working on your thread and will get back to you with further instructions as soon as possible. Thank you for your patience.
__________________ |
15.05.2014, 20:53 | #3 |
Rest in peace † 2019 |
Hello Thomas,

how does the computer run after the following steps?

Step 1
Please uninstall the following programs (if present):

Babylon toolbar
deal4Real
deeaLSter
Internet Explorer Toolbar 4.6 by SweetPacks
Internet Updater
Java 7 Update 25
McAfee Security Scan Plus
Optimizer Pro v3.2
Softonic toolbar on IE
SweetIM for Messenger 3.7
SweetPacks bundle uninstaller
TelevisionFanatic Toolbar
Update Manager for SweetPacks 1.1
Updater
VideoPerformer
Websteroids
Yontoo 1.10.02

To do this, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item "Uninstall a program") --> select the program --> remove.
If you cannot uninstall a program, download Revo Uninstaller from here and uninstall the program with it, choosing the moderate mode.

Step 2
Please download Malwarebytes Anti-Malware.

Step 3
Because the scan with ESET is very thorough, it may take several hours.
ESET Online Scanner

Step 4
Run FRST once more.
__________________ |
17.05.2014, 08:18 | #4 |
| Hello

Step 1 --> done
Step 2 --> mbam.txt attached
Step 3 --> ran ESET (took over 5 hours), log.txt attached
Step 4 --> frst.txt and addition.txt attached

Thanks and regards
Thomas

Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.05.2014
Suchlauf-Zeit: 19:02:54
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.16.11
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Familie Hüneke

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 281578
Verstrichene Zeit: 27 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 146

Registrierungswerte: 7
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{EEE6C35B-6118-11DC-9C72-001320C79847}, In Quarantäne, [df3c84cedc9f64d2cf77cd5e966ced13],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 1763663177383149567, In Quarantäne, [d249bc96780382b43fe73f74a45f6898]
PUP.BProtector, HKU\S-1-5-21-226801629-1694356093-2921946897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://search.babylon.com/?affID=117116&tt=4312_1&babsrc=HP_ss&mntrId=f85b6aec0000000000001c659d69f9d3, In Quarantäne, [0b10f45e7506fd39bb5aa210897a24dc]
PUP.BProtector, HKU\S-1-5-21-226801629-1694356093-2921946897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [76a593bf314aaa8c080e6e44e3206a96]
PUP.Optional.SweetIM.A,
HKU\S-1-5-21-226801629-1694356093-2921946897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1763663177383149567, In Quarantäne, [9e7dc88a3942c76fcb5a545f5ea5857b] PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE, 1, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0] PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL, 1, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0] Registrierungsdaten: 0 (No malicious items detected) Ordner: 19 Adware.InstallBrain, C:\ProgramData\IBUpdaterService, In Quarantäne, [2dee1b3706754aec4cbdf09c26dd28d8], PUP.Optional.ATDheNetTVAp.A, C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com, In Quarantäne, [20fbe46ec9b2fd39f8ae644fa1621ee2], PUP.Optional.ATDheNetTVAp.A, C:\Program Files (x86)\ATDheNetTVApp.com, In Quarantäne, [9487f85aee8de3538c1b248f2ad9e51b], PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it, In Quarantäne, [1dfe4d054635e74f46adc1f5e41fa45c], PUP.Optional.FileScout.A, C:\Users\Familie Hüneke\AppData\Roaming\File Scout, In Quarantäne, [36e55af8d0ab2b0b01f176fa857d2ad6], PUP.Optional.Conduit.A, C:\Users\Familie Hüneke\AppData\Local\Temp\CT3317209, In Quarantäne, [c556ef638fec34025af793deaf53ec14], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT, In Quarantäne, 
[c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.MindSpark.A, C:\Program Files (x86)\TelevisionFanatic\bar\1.bin, In Quarantäne, [37e42b273645af87f322f783bd45c33d], PUP.Optional.Yontoo.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc, In Quarantäne, [24f76ce60f6c3402a4c92c5338ca41bf], PUP.Optional.Yontoo.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0, In Quarantäne, [24f76ce60f6c3402a4c92c5338ca41bf], Dateien: 237 PUP.Optional.MultiPlug.A, C:\ProgramData\webSavver\7QyNLzCFV.x64.dll, In Quarantäne, [13088bc78deed066ba01c0898a77ba46], PUP.Optional.MultiPlug.A, C:\ProgramData\webSavver\7QyNLzCFV.dll, In Quarantäne, [13088bc78deed066ba01c0898a77ba46], PUP.Optional.MultiPlug.A, C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.x64.dll, In Quarantäne, [d843e66c5229c27476457ecb768b20e0], PUP.Optional.MultiPlug.A, C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.dll, In 
Quarantäne, [d843e66c5229c27476457ecb768b20e0], PUP.Optional.MultiPlug.A, C:\ProgramData\PPTCheckEr\p2tq9jcq.x64.dll, In Quarantäne, [809b361c95e6c76f9823ed5c8180916f], PUP.Optional.MultiPlug.A, C:\ProgramData\PPTCheckEr\p2tq9jcq.dll, In Quarantäne, [809b361c95e6c76f9823ed5c8180916f], PUP.Optional.SweetPacks, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll, In Quarantäne, [df3c84cedc9f64d2cf77cd5e966ced13], PUP.Optional.MultiPlug.A, C:\ProgramData\deal4Real\WiO2nZOb.exe, In Quarantäne, [e2399bb7fa81ce68b10a0d3c3fc27e82], PUP.Optional.MultiPlug.A, C:\ProgramData\deeaLSter\9wOvGBaNBd.exe, In Quarantäne, [8398cb87b2c985b11e9d6fda91707789], PUP.Optional.MultiPlug.A, C:\ProgramData\PPTCheckEr\p2tq9jcq.exe, In Quarantäne, [b9628cc628537fb7ac0f143548b9aa56], PUP.Optional.MultiPlug.A, C:\ProgramData\webSavver\7QyNLzCFV.exe, In Quarantäne, [968529299ddecb6bab1015343ac7718f], PUP.Optional.MultiPlug.A, C:\ProgramData\LuckyyShoopperr\CrPyJtOK__.exe, In Quarantäne, [5bc0be94413a979fe1dad079956c8c74], PUP.Optional.SearchProtect.A, C:\Users\Familie Hüneke\AppData\Local\Temp\nsjFDBA.exe, In Quarantäne, [d8434a08314a80b67565ee3ae71a43bd], PUP.Optional.SearchProtect.A, C:\Users\Familie Hüneke\AppData\Local\Temp\nsoF502.exe, In Quarantäne, [71aabb97fe7d89ade5f554d4a061ff01], PUP.Optional.SearchProtect.A, C:\Users\Familie Hüneke\AppData\Local\Temp\nst6FA0.exe, In Quarantäne, [8a91e76bdba07fb74d8d2afeb24fab55], PUP.Optional.SearchProtect.A, C:\Users\Familie Hüneke\AppData\Local\Temp\nst7607.exe, In Quarantäne, [f4272e24d5a676c0af2b02264cb5dc24], PUP.Optional.SearchProtect.A, C:\Users\Familie Hüneke\AppData\Local\Temp\nsd27B.exe, In Quarantäne, [cf4c0c464d2ee0562dad40e8659c8d73], PUP.Optional.SearchProtect.A, C:\Users\Familie Hüneke\AppData\Local\Temp\nsfBB47.exe, In Quarantäne, [50cb58fa8cef74c26b6f38f0798807f9], PUP.Optional.SearchProtect.A, C:\Users\Familie Hüneke\AppData\Local\Temp\nsj7AAA.exe, In Quarantäne, [0714a0b2bac194a202d8e840bf4210f0], 
PUP.Optional.Conduit.A, C:\Users\Familie Hüneke\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [8f8c59f90a712214f8d38e8f09f829d7], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaE4FC.exe, In Quarantäne, [8e8dbf933744cb6bdbff0b1d24dd8b75], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nslB028.exe, In Quarantäne, [dc3fe86a1467b28436a4a484b1506898], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nslE367.exe, In Quarantäne, [df3c55fddaa174c28b4fa385da27c937], PUP.Optional.SweetIM, C:\Windows\Installer\110bbec.msi, In Quarantäne, [0d0ef75b1962d4628af9f47a61a303fd], PUP.Optional.SweetIM, C:\Windows\Installer\110bbf2.msi, In Quarantäne, [64b7ca884b30fd39176c6fff23e128d8], PUP.Optional.SweetIM, C:\Windows\Installer\110bbf8.msi, In Quarantäne, [bc5f81d1fb8046f0c3c0610db153de22], PUP.Optional.GoPhoto.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\extensions\gophoto@gophoto.it.xpi, In Quarantäne, [24f7223064173afc599edaa9fe047090], PUP.Optional.SweetIM.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\sweetim.xml, In Quarantäne, [1cff63efceadd1652606d9abbe44c43c], PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\babylon.xml, In Quarantäne, [2af11042433868ce5cb8e9a843bf19e7], PUP.Optional.BProtector.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\bprotector_extensions.sqlite, In Quarantäne, [f5260052f487e84eec376e23729028d8], PUP.Optional.BProtector.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\bprotector_prefs.js, In Quarantäne, [a477ea686c0fdc5afa2a1081e61c47b9], PUP.Optional.Conduit.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\conduit-search.xml, In Quarantäne, [be5d3022f78446f091b0f49d2ed4cb35], PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml, In 
Quarantäne, [1308fb57f38845f1ada5b3e311f1bb45], Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [2dee1b3706754aec4cbdf09c26dd28d8], PUP.Optional.ATDheNetTVAp.A, C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com\ATDheNetTVApp.lnk, In Quarantäne, [20fbe46ec9b2fd39f8ae644fa1621ee2], PUP.Optional.ATDheNetTVAp.A, C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com\Uninstall.lnk, In Quarantäne, [20fbe46ec9b2fd39f8ae644fa1621ee2], PUP.Optional.ATDheNetTVAp.A, C:\Program Files (x86)\ATDheNetTVApp.com\stv11.crx, In Quarantäne, [9487f85aee8de3538c1b248f2ad9e51b], PUP.Optional.ATDheNetTVAp.A, C:\Program Files (x86)\ATDheNetTVApp.com\ATDheNetTVApp.exe, In Quarantäne, [9487f85aee8de3538c1b248f2ad9e51b], PUP.Optional.ATDheNetTVAp.A, C:\Program Files (x86)\ATDheNetTVApp.com\stvtemp.xpi, In Quarantäne, [9487f85aee8de3538c1b248f2ad9e51b], PUP.Optional.ATDheNetTVAp.A, C:\Program Files (x86)\ATDheNetTVApp.com\uninst.exe, In Quarantäne, [9487f85aee8de3538c1b248f2ad9e51b], PUP.Optional.BProtector.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data, In Quarantäne, [0e0d2d2582f92511c4aac1f410f39e62], PUP.Optional.BProtector.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences, In Quarantäne, [27f458fab2c988aef976bcf9db28d22e], PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it\gophotoit14.crx, In Quarantäne, [1dfe4d054635e74f46adc1f5e41fa45c], PUP.Optional.FileScout.A, C:\Users\Familie Hüneke\AppData\Roaming\File Scout\uninst.exe, In Quarantäne, [36e55af8d0ab2b0b01f176fa857d2ad6], PUP.Optional.Conduit.A, C:\Users\Familie Hüneke\AppData\Local\Temp\CT3317209\ddt.csf, In Quarantäne, [c556ef638fec34025af793deaf53ec14], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files 
(x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet 
Explorer\resources\sweetim_text.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet 
Explorer\resources\blue\search_button_left.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png, In Quarantäne, 
[c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files 
(x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png, In Quarantäne, [c853341eb7c4a393bc98c8a918ea60a0], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\128.png, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\48.png, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\background.html, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\logger.js, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\main.js, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\manifest.json, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie 
Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\newtab.html, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\newtab.js, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\remote.js, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\simapp.js, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.WhiteSmoke.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\toolbar.js, In Quarantäne, [ea31a4ae116a013591ed2352788a6f91], PUP.Optional.MindSpark.A, C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe, In Quarantäne, [37e42b273645af87f322f783bd45c33d], PUP.Optional.MindSpark.A, C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll, In Quarantäne, [37e42b273645af87f322f783bd45c33d], PUP.Optional.MindSpark.A, C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8RES.DLL, In Quarantäne, [37e42b273645af87f322f783bd45c33d], PUP.Optional.Yontoo.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\background.html, In Quarantäne, [24f76ce60f6c3402a4c92c5338ca41bf], PUP.Optional.Yontoo.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\manifest.json, In Quarantäne, [24f76ce60f6c3402a4c92c5338ca41bf], PUP.Optional.Yontoo.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js, In Quarantäne, [24f76ce60f6c3402a4c92c5338ca41bf], PUP.Optional.Conduit.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage" : "hxxp://search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&SSPV=",), Ersetzt,[8a91f35f59223ff740e02b4d19eb966a] PUP.Optional.SweetPacks.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage_url" : "hxxp://www.sweetpacks.com",), Ersetzt,[76a55df53b4022146cd8d4a4bf45ed13] PUP.Optional.Conduit.A, C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "search_url" : "hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&q={searchTerms}&SSPV=",), Ersetzt,[b467c290a4d77db97e0085f3758f47b9] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), Ersetzt,[32e941111b60b284efafb8bfa36105fb] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), Ersetzt,[c457074b304ba19559456c0be222c33d] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");), Ersetzt,[ea318dc5d8a37fb7b0ee66116e967789] 
PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), Ersetzt,[110a8fc3a5d6f442900e0176a262d32d] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.excTlbr", false);), Ersetzt,[3cdf7dd5cbb075c10797d3a4e51f33cd] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "f85b6aec0000000000001c659d69f9d3");), Ersetzt,[978481d1e992092d841a6314d62e54ac] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15640");), Ersetzt,[809ba3afe596bd79f2ac522584809769] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), Ersetzt,[d9428dc5c2b9f046306e45320df7837d] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), Ersetzt,[051673df691258dee7b781f65fa512ee] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), Ersetzt,[1a01133fcab16acc1e80067116eec13f] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), Ersetzt,[25f64a08641745f12d71ef8837cda25e] PUP.Optional.Babylon.A, C:\Users\Familie 
Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f85b6aec0000000000001c659d69f9d3&q=");), Ersetzt,[fa219eb4c1baf4428b13393ea460f010] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");), Ersetzt,[4ecd4d05760553e3e1bdeb8cba4a4fb1] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");), Ersetzt,[a279aea48dee33034a547403a16302fe] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[c05bd47e394277bfdcc2294ee71ddb25] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.815:48:59");), Ersetzt,[2af1a4ae6516e254425cef8860a4bd43] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.admin", false);), Ersetzt,[9b80c68c1665999da8f7e5924db79e62] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.aflt", "SD");), Ersetzt,[1704331fdba0da5c4659185f4fb5c33d] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.autoRvrt", "false");), Ersetzt,[8596b1a1d4a7a98dcbd46c0b1aea18e8] PUP.Optional.Softonic.A, C:\Users\Familie 
Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.cntry", "DE");), Ersetzt,[9f7cda785a219f97a8f70b6c5ca820e0] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.cv", "cv5");), Ersetzt,[e338f1610873db5b950a096e897b26da] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltLng", "de");), Ersetzt,[d04b084af78443f3ffa0e88faf55ee12] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltSrch", true);), Ersetzt,[7d9ec58dc6b5a88e0798b2c59c68de22] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");), Ersetzt,[38e392c0a9d2bf77108f9add0df7649c] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dspOld", "");), Ersetzt,[4ecd2032304be650257aa9ce61a34db3] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.envrmnt", "production");), Ersetzt,[25f64e0486f555e1edb20b6cca3a6898] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.excTlbr", false);), Ersetzt,[bc5ff45e1566989e89164d2a6b99b34d] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hdrMd5", 
"D0CDEF8095EE0B7FD7BB2886325E88D7");), Ersetzt,[34e7430fe29981b5f8a7482f40c47a86] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpg", true);), Ersetzt,[ed2ee07296e536003d62db9c2fd59967] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=");), Ersetzt,[ac6f61f1a2d9b4820897da9d64a011ef] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=");), Ersetzt,[4dce1141007bd95ddcc31b5c39cb24dc] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hpOld", "hxxp://de.ask.com/?l=dis&o=");), Ersetzt,[50cb4e04a3d87bbb3d620473e71d24dc] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hrdid", "f85b6aec0000000000001c659d69f9d3");), Ersetzt,[5cbf72e0ea910c2a1887661102023cc4] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.id", "f85b6aec0000000000001c659d69f9d3");), Ersetzt,[d546b9994b30e056207f136435cf8f71] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlDay", "15617");), Ersetzt,[59c297bbb9c28bab920d205753b1a45c] PUP.Optional.Softonic.A, C:\Users\Familie 
Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlRef", "MON00015");), Ersetzt,[62b998ba067576c0c5da4b2c1fe54bb5] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.isdcmntcmplt", true);), Ersetzt,[2deef65ce09b1323dfc00f689e667d83] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=");), Ersetzt,[66b5d47eb8c36bcb5f40beb919eb30d0] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.419:37:14");), Ersetzt,[3be0430f8bf01620c0df15623dc744bc] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.mntrvrsn", "1.3.0");), Ersetzt,[23f8db77562539fd9807d7a027dd3bc5] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.monitorreport", true);), Ersetzt,[1ffcce845e1d38fed3ccb4c37b89718f] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTab", true);), Ersetzt,[a972a0b2bbc0db5b7f20db9cd1332fd1] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=");), Ersetzt,[7c9fe9695c1fab8bbbe43d3afc08758b] PUP.Optional.Softonic.A, 
C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prdct", "Softonic");), Ersetzt,[a576c58d017a102616898aed42c28878] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.propectorlck", 92771507);), Ersetzt,[33e8d57db8c3aa8c1f80b6c106fe728e] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prtkhmpg", 1);), Ersetzt,[f02bfb57a5d6bf77e5ba205715ef659b] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prtnrId", "softonic");), Ersetzt,[f02b75dd344769cdd8c7e79010f4c23e] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.radiomystations", "[{\"id\":\"1254\",\"name\":\"107,4 Wuppertal\",\"url\":\"mms://edge.live.msmedia.mdn.newmedia.nacamar.net/radiowuppertal$livestream.wma\",\"streamType\":\"mp\"},{\"id\":\"129\",\"name\":\"94,3 r.s. 
2\",\"url\":\"hxxp://lsd.newmedia.nacamar.net/bb/redirect.lsc?adid=0\",\"streamType\":\"mp\"},{\"id\":\"1299\",\"name\":\"RauteMusik Club\",\"url\":\"hxxp://club-high.rautemusik.fm/listen.asx\",\"streamType\":\"mp\"},{\"id\":\"1405\",\"name\":\"104.6 RTL\",\"url\":\"hxxp://lsd.newmedia.nacamar.net/bb/redirect.lsc?adid=0\",\"streamType\":\"mp\"},{\"id\":\"2311\",\"name\":\"NDR 90,3\",\"url\":\"hxxp://ndr.ic.llnwd.net/stream/ndr_ndr903_hi_mp3.m3u\",\"streamType\":\"mp\"},{\"id\":\"3399\",\"name\":\"Alpenwelle\",\"url\":\"hxxp://cms.streamfarm.net/cms/_vm100/52759/asx.asx?bgColor=%23EEEEEE\",\"streamType\":\"mp\"},{\"id\":\"4310\",\"name\":\"B5 Aktuell\",\"url\":\"hxxp://streams.br-online.de/b5aktuell_2.asx\",\"streamType\":\"mp\"},{\"id\":\"5105\",\"name\":\"Bayern 2\",\"url\":\"hxxp://streams.br-online.de/bayern2_1.asx\",\"streamType\":\"mp\"},{\"id\":\"512\",\"name\":\"Spreeradio 105,5\",\"url\":\"mms://d852143742.w.sto.core008.cdn.streamfarm.net/23002spreeradio/live/2925spreeradio_live/de_40.wmv\",\"streamType\":\"mp\"},{\"id\":\"521\",\"name\":\"ABS Rotation\",\"url\":\"hxxp://www.laut.fm/user/abs-rotation/stream.asx\",\"streamType\":\"mp\"},{\"id\":\"5214\",\"name\":\"B5 Plus\",\"url\":\"hxxp://streams.br-online.de/b5plus_2.asx\",\"streamType\":\"mp\"},{\"id\":\"5302\",\"name\":\"Berlins Hit Radio RTL\",\"url\":\"hxxp://lsd.newmedia.tiscali-business.com/bb/redirect.lsc?adid=0\",\"streamType\":\"mp\"},{\"id\":\"5615\",\"name\":\"Bayern Mobil\",\"url\":\"hxxp://streams.br-online.de/bayernmobil_1.asx\",\"streamType\":\"mp\"},{\"id\":\"5626\",\"name\":\"RauteMusik FunkY\",\"url\":\"hxxp://funky-high.rautemusik.fm/\",\"streamType\":\"mp\"},{\"id\":\"5698\",\"name\":\"105.5 Spreeradio Trus Collection\",\"url\":\"hxxp://lsd.newmedia.tiscali-business.com/bb/redirect.lsc?adid=0&stream=spreeradioevent/livestream.wma&content=live&media=ms\",\"streamType\":\"mp\"},{\"id\":\"6299\",\"name\":\"Bayern 
1\",\"url\":\"hxxp://streams.br-online.de/bayern1_1.asx\",\"streamType\":\"mp\"},{\"id\":\"6320\",\"name\":\"Bayern 3\",\"url\":\"hxxp://streams.br-online.de/bayern3_1.asx\",\"streamType\":\"mp\"}]");), Ersetzt,[20fb63ef423968ce811e4e29e32145bb] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");), Ersetzt,[fe1d371b512a91a51788146336ce41bf] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.savedVrsnTs", "1");), Ersetzt,[c05bb99982f93303702fcfa89d67cb35] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.sg", "az");), Ersetzt,[6bb0ff53d9a2b87e2679de9944c046ba] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.smplGrp", "none");), Ersetzt,[e73477db770495a1ced191e6d2324bb5] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.srch", "");), Ersetzt,[d645f45efc7f92a4821ddc9bed17ae52] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");), Ersetzt,[51ca5ff3780338fef1ae99de54b0c838] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.tlbrId", "base");), Ersetzt,[d7444e043645082e7e21fe793acadf21] 
PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=");), Ersetzt,[c2592c269eddf343554a680f41c3af51] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsn", "1.6.7.4");), Ersetzt,[4ccf3a187ffcf83e425dcdaa28dcbb45] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsnTs", "1.6.7.419:37:14");), Ersetzt,[a17aa9a9b7c45bdb9b0480f70df7b24e] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsni", "1.6.7.4");), Ersetzt,[ce4d4d056c0fe94d2b74c0b7ad57cd33] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic_i.dnsErr", true);), Ersetzt,[b764eb679ae176c05748db9cd232be42] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic_i.hmpg", true);), Ersetzt,[36e51c367cffd363930cef88ab59cc34] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic_i.newTab", true);), Ersetzt,[5fbc3e145922f3432e71b6c1b1538a76] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic_i.smplGrp", "none");), Ersetzt,[f922163c4e2d1125534c6e0934d059a7] PUP.Optional.Softonic.A, C:\Users\Familie 
Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.419:37:14");), Ersetzt,[f328a4aed1aa86b08e11383f9371fd03] PUP.Optional.Softonic.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\prefs.js, Gut: (), Schlecht: (user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.softonic.com/?q=");), Ersetzt,[0912ada5b0cbc076b0f980f726de8878] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f85b6aec0000000000001c659d69f9d3&q=");), Ersetzt,[140777db25567abc78a0bdba6c989868] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "f85b6aec0000000000001c659d69f9d3");), Ersetzt,[45d663ef6f0c41f576a230478e7638c8] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");), Ersetzt,[3fdc1a38700bb97d4cccccab897bd62a] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15640");), Ersetzt,[ea31143ed3a8cb6baa6eadca6d9758a8] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");), Ersetzt,[a576a2b0df9c4de924f498dfc83c34cc] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");), 
Ersetzt,[b26919395526a78fce4ada9d877d718f] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.815:48:59");), Ersetzt,[b16a82d0502be056f325c2b545bfdb25] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), Ersetzt,[74a7d0829edd350156c22c4b63a11ae6] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), Ersetzt,[c259e969aad1d16561b7205706fe41bf] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), Ersetzt,[d6457bd797e4bd79a0789bdc49bbe020] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[d744163cb3c8e84ee533bfb810f41ee2] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), Ersetzt,[1ffc70e2fd7e53e39c7c1562ff051ee2] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), Ersetzt,[29f26ce6b7c4fc3a63b578ff4eb6c63a] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), Ersetzt,[66b5c48e2c4f4de9b3652255c63e0ff1] PUP.Optional.Babylon.A, C:\Users\Familie 
Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.excTlbr", false);), Ersetzt,[3be0bd957b00a294ac6c2c4ba36124dc] PUP.Optional.Babylon.A, C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), Ersetzt,[2eed450d6f0cbd790d0b3e397391659b] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=8f60ae5389889246a68d6d2994131ad8 # engine=18291 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-16 10:54:51 # local_time=2014-05-17 12:54:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 26204252 151910741 0 0 # scanned=259092 # found=25 # cleaned=0 # scan_time=20185 sh=25D2D351D1F97779DF2D9B8A61BA7EB1B9AAA230 ft=0 fh=0000000000000000 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Daten\Software\FFSetup295.zip" sh=84049C78E02A5A92DABE9CE1E8189A0B1A0A48E9 ft=1 fh=3dfb37750adebd81 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Daten\Software\SoftonicDownloader_fuer_cyberlink-powercinema.exe" sh=45425BD3453F3243BB29E9477D83E175682C7B50 ft=1 fh=e49eb8e1cc0337b7 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Daten\Software\SoftonicDownloader_fuer_mp3directcut.exe" sh=5D03315943D2B0FCB7F8F4A2D8947813BCADECE6 ft=1 fh=4df7e6a40d27464f vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Daten\Software\Samsung_Kies\Samsung_Kies_TSV2LWRB.exe" sh=E4009E246E26E428D16B11C00146E2AA8A980091 ft=1 fh=73adb8bd4c89e11f vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Daten\Software\WinZip\SoftonicDownloader_fuer_winzip.exe" sh=15780E2D434C0E4141659CE6CBF61C7C6ACA059F ft=1 fh=4015be178e691f54 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\64Uninstall TelevisionFanatic.dll" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe" sh=C6A9FB024D614702667E0768E0B673BA3A31F504 ft=1 fh=aa62bac49704426f vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" sh=07695C8842935A01310F52C83BAB364950419841 ft=1 fh=e250219d9f9cd5af vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll" sh=20DD3F5BACF16259B57E6D2BDA850BAE8DD261A6 ft=1 fh=c71c0011f9b0d4e4 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarApp.dll" sh=C367DBCC01A57999F0B471AE898C712F4E68A259 ft=1 fh=c71c00117da29856 vn="Variante von Win32/Toolbar.Babylon.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarEng.dll" sh=25F2DDBA03B908062AFB4EF93DC057F214263A58 ft=1 fh=c71c00114a771025 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarsrv.exe" sh=51A4AD017726FFC17ACFF7862118206F636F1EB4 ft=1 fh=c71c0011f06f9361 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarTlbr.dll" sh=A2833427129285B2B50453419ED72AF63B8E7FDE ft=1 fh=31c40c766444b949 vn="Win32/Toolbar.Montiera.J evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~escortShld.dll" sh=EAD1EE01C0FF5C843913F4ACA179569077D3B069 ft=1 fh=c71c00112d9cbb77 vn="Variante von Win32/Toolbar.Escort.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~bh\~BabylonToolbar.dll" sh=6C92817D1BBE23989422178E73A016E6C6125DA8 ft=1 fh=2a5579c3bdb32c4a vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Familie Hüneke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R7131HZ\Player Setup[1].exe" sh=CCD90EE6E9B1ADFF9657E8F2C126BC6CB5C2EB24 ft=1 fh=91473923cd86549e vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Familie Hüneke\AppData\Local\Temp\is-AG0GA.tmp\OptProCrash.dll" sh=37B6DF1A210AB605A28A024B89558951FE451B77 ft=1 fh=b9bb0c16c5f371cb vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\Users\Familie Hüneke\AppData\Local\Temp\nsdD7E.tmp\Helper.dll" sh=C66AADA54C4F0C005F299AD4270F95C46F1890A0 ft=1 fh=c2bf06d0849d0120 vn="Variante von Win32/ExFriendAlert.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Familie Hüneke\AppData\Local\Temp\nsdD7E.tmp\util_ex.dll" sh=C98108DC08DFB67942CD0F6B757749615DDF2482 ft=1 fh=082a7694df13ab1f vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Familie Hüneke\AppData\Local\Temp\nsn303B.tmp\webapphost.dll" sh=A87B7647DC34B5B6186209377786E946B677C574 ft=1 fh=c2834f18f25710d9 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Familie Hüneke\AppData\Local\Temp\{8733917E-6B73-4E5B-9203-CE66C11BEEB6}\setup.exe" sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Familie Hüneke\AppData\Roaming\BabSolution\Shared\BabMaint.exe" sh=7664F6A327E5201011200E703489577A0971AB77 ft=1 fh=c71c0011451c6a93 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Familie Hüneke\AppData\Roaming\BabSolution\Shared\BUSolution.dll" sh=D20146018CC2327122B2692E355F353DFA6D571A ft=1 fh=641303b82d1a41cf vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Familie Hüneke\Downloads\FreeYouTubeToMP3Converter_3.10.17.exe" sh=A7FAC7AA9D06FD3414EEFA60572D9FC6BBA61B01 ft=1 fh=c9f98c23c98cdb6b vn="möglicherweise Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\380fdd03.ftf.ftf" |
17.05.2014, 08:20 | #5 |
| Windows 7: Websites are redirected to advertising and new ones are created automatically
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 Ran by Familie Hüneke (administrator) on WOHNZIMMER on 17-05-2014 09:05:24 Running from E:\ Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (LaCrosse Technology) C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\Dropbox.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-29] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [VideoWebCamera] => C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1545568 2010-05-26] (Suyin) HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [ICQ] => ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={E7DA0208-203C-11E2-92E2-1C750800B7DB}
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=2271&ptb=28EE3716-08E7-4B51-98E5-C48C4EEA4509&psa=&ind=2012092909&st=sb&n=77ee19ed&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={E7DA0208-203C-11E2-92E2-1C750800B7DB}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=
SearchScopes: HKCU - {0BA6F57F-AF92-491C-8675-A55E84FF3BE3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=a02c8609-cea3-4a4c-9069-8862b8756f9d&apn_sauid=EEB0CF73-5FA3-47A7-9DF8-05A17341F48A
SearchScopes: HKCU - {0D7434EF-A769-4488-A0F2-E8D3F8F72EE5} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=117116&tt=4312_1&babsrc=SP_ss&mntrId=f85b6aec0000000000001c659d69f9d3
SearchScopes: HKCU - {3AAFA65F-3D8E-487E-8014-5A8CD9BBEBDF} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {5C4BB07E-4E95-450C-B02F-2F41FAC4B482} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {8E32ED50-5AD1-45C8-A8B9-B6DD94042D58} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=2271&ptb=28EE3716-08E7-4B51-98E5-C48C4EEA4509&psa=&ind=2012092909&st=sb&n=77ee19ed&searchfor={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={E7DA0208-203C-11E2-92E2-1C750800B7DB}
SearchScopes: HKCU - {F596839C-A855-440B-9ACA-71C401DEA93D} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: iSkysoft iTube Studio - {0F789748-F853-4734-A187-A096F05306E5} - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll No File
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll No File
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: haufereader - No CLSID Value -
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: haufereader - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 74.208.10.249 gs.apple.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default
FF user.js: detected! => C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\user.js
FF DefaultSearchEngine: Conduit Search
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\videomngr.xml
FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: webSavver - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\3coxb35@sh-.org [2014-01-29]
FF Extension: deeaLSter - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\fehraooy@sj-.edu [2014-02-14]
FF Extension: FreeHDSport.TV - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\freehdsport@freehdsport.tv [2012-12-28]
FF Extension: GoPhotoIt - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\gophoto@gophoto.it [2013-08-16]
FF Extension: PPTCheckEr - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\iauaaio@iuya.net [2014-02-05]
FF Extension: deal4Real - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\nwyh6eiae@uoeoucz-.co.uk [2014-01-29]
FF Extension: BBetterPriceChec - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\ooy1efsw@cooyuouwm.org [2014-03-18]
FF Extension: No Name - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\staged [2013-02-22]
FF Extension: Winamp Toolbar - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2013-04-04]
FF Extension: Flashblock - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-19]
FF Extension: ICQ Toolbar - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-08-22]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-12-29]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2013-01-08]
FF Extension: FreeHDSport.TV - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\freehdsport@freehdsport.tv.xpi [2012-10-27]
FF Extension: WEB.DE MailCheck - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\toolbar@web.de.xpi [2011-12-28]
FF Extension: YouTube to MP3 - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\youtube2mp3@mondayx.de.xpi [2012-03-17]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-17]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-10-27]
FF HKLM-x32\...\Firefox\Extensions: [{7F737E3E-993D-43AB-9109-90C4E82752CC}] - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\
FF Extension: iSkysoft iTube Studio - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [{7F737E3E-993D-43AB-9109-90C4E82752CC}] - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\
FF Extension: iSkysoft iTube Studio - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ []

Chrome:
=======
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Ask Toolbar) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaplmcbjhigpfkmaffahlojgchbgfk [2013-08-10]
CHR Extension: (iSkysoft iTube Studio) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afapmikcgbhfkecdhiokcgledjcpfbfd [2013-10-08]
CHR Extension: (FreeHDSport.TV) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok [2013-08-10]
CHR Extension: (BBetterPriceChec) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaioaiklojlgnkabahipckfkoajbmako [2014-03-18]
CHR Extension: (deal4Real) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\elklmgblhlhcjeildfhdbpgkkkfijfcj [2014-01-29]
CHR Extension: (deeaLSter) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaonmipmkibfeihebmdoekopdimendbo [2014-02-14]
CHR Extension: (SweetIM for Facebook) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2013-08-10]
CHR Extension: (GoPhoto.it) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-08-10]
CHR Extension: (webSavver) - C:\ProgramData\ghonjeljkjgdkabddkchmhmmeipcnhip [2014-01-29]
CHR HKLM-x32\...\Chrome\Extension: [aaaaplmcbjhigpfkmaffahlojgchbgfk] - C:\Users\Familie Hüneke\AppData\Local\APN\GoogleCRXs\aaaaplmcbjhigpfkmaffahlojgchbgfk_7.16.0.0.crx [2012-07-06]
CHR HKLM-x32\...\Chrome\Extension: [afapmikcgbhfkecdhiokcgledjcpfbfd] - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRChromePlugin.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-10-27]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-10-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WV5Communication; C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe [1843712 2011-01-18] (LaCrosse Technology)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [204568 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 klfbmhmg; \??\C:\Windows\system32\drivers\klfbmhmg.sys [X]
S1 pwluztou; \??\C:\Windows\system32\drivers\pwluztou.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-16 19:15 - 2014-05-16 19:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-16 18:28 - 2014-05-17 03:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 18:27 - 2014-05-16 18:32 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 18:27 - 2014-05-16 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-16 18:27 - 2014-05-16 18:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-16 18:27 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 18:27 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 18:27 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 18:18 - 2012-09-29 15:39 - 00699536 _____ (MindSpark) C:\Program Files (x86)\64Uninstall TelevisionFanatic.dll
2014-05-16 18:18 - 2012-09-29 15:39 - 00172456 _____ () C:\Program Files (x86)\64res.dll
2014-05-16 18:11 - 2014-02-13 16:57 - 00000426 _____ () C:\AVScanner.ini
2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deeaLSter
2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deal4Real
2014-05-16 17:44 - 2014-05-16 17:44 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\DropboxMaster
2014-05-16 17:30 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 17:30 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 17:30 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 17:30 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 17:30 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-16 17:29 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 19:40 - 2014-05-17 09:05 - 00000000 ____D () C:\FRST
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 _____ () C:\Users\Familie Hüneke\defogger_reenable
2014-05-15 15:31 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 15:31 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 15:31 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 15:31 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 15:29 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 15:29 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 15:29 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 15:29 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 15:29 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 15:29 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 15:29 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 15:29 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 15:29 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 15:29 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 15:29 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 15:29 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 15:29 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 15:29 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 15:29 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 15:29 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 15:29 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 15:29 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 15:29 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 15:29 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 15:29 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 15:29 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 15:29 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 15:29 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 15:29 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 15:29 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 15:29 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 15:29 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 15:29 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 15:29 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieUserList
2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieSiteList
2014-05-07 11:25 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 11:25 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 11:25 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 11:25 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 11:24 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 11:24 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 11:24 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 11:24 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 11:24 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 11:24 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 11:24 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 11:24 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 11:24 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 11:24 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 11:24 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 11:24 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 11:24 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 11:24 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 11:24 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 11:24 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 11:24 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 11:24 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 11:24 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 11:24 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 11:24 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 11:24 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 11:24 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 11:24 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 11:24 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 11:24 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 11:24 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 11:24 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 11:24 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 11:24 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 11:24 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 11:24 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 11:24 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 11:24 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 11:24 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 11:24 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 11:24 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 11:24 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 11:24 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 11:24 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-07 11:23 - 2014-05-16 17:36 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-17 09:05 - 2014-05-15 19:40 - 00000000 ____D () C:\FRST
2014-05-17 09:01 - 2013-08-17 16:59 - 01245994 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 08:27 - 2011-02-06 22:47 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-17 08:18 - 2013-10-12 14:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-17 03:34 - 2014-05-16 18:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 03:01 - 2013-07-30 19:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 03:01 - 2009-07-14 04:34 - 00000534 _____ () C:\Windows\win.ini
2014-05-17 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 19:15 - 2014-05-16 19:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-16 19:15 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 19:15 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 19:13 - 2010-10-26 00:11 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-05-16 19:13 - 2010-10-26 00:11 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-05-16 19:13 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 19:10 - 2011-01-09 12:15 - 00000000 ___RD () C:\Users\Familie Hüneke\Dropbox
2014-05-16 19:10 - 2011-01-09 12:12 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\Dropbox
2014-05-16 19:08 - 2011-12-28 12:02 - 00000441 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-16 19:07 - 2013-12-15 09:52 - 00238824 _____ () C:\Windows\PFRO.log
2014-05-16 19:07 - 2013-11-23 13:39 - 00014710 _____ () C:\Windows\setupact.log
2014-05-16 19:07 - 2011-02-06 22:47 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 19:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 19:03 - 2014-03-18 16:08 - 00000000 ____D () C:\ProgramData\LuckyyShoopperr
2014-05-16 19:03 - 2014-02-14 18:05 - 00000000 ____D () C:\ProgramData\deeaLSter
2014-05-16 19:03 - 2014-02-02 21:19 - 00000000 ____D () C:\ProgramData\PPTCheckEr
2014-05-16 19:03 - 2014-01-29 18:01 - 00000000 ____D () C:\ProgramData\webSavver
2014-05-16 19:03 - 2014-01-29 18:01 - 00000000 ____D () C:\ProgramData\deal4Real
2014-05-16 19:03 - 2012-10-27 15:47 - 00000000 ____D () C:\Program Files (x86)\SweetIM
2014-05-16 18:32 - 2014-05-16 18:27 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 18:32 - 2014-05-16 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-16 18:32 - 2014-05-16 18:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-16 18:27 - 2012-05-13 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 18:19 - 2013-12-28 15:27 - 00000000 ____D () C:\ProgramData\Websteroids
2014-05-16 18:11 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 18:10 - 2011-01-20 17:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deeaLSter
2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deal4Real
2014-05-16 18:03 - 2014-01-29 18:01 - 00000000 ____D () C:\ProgramData\4dbbd86b8e00d967
2014-05-16 17:59 - 2010-12-30 16:15 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\Skype
2014-05-16 17:44 - 2014-05-16 17:44 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\DropboxMaster
2014-05-16 17:44 - 2012-02-05 17:13 - 00001847 _____ () C:\Windows\wininit.ini
2014-05-16 17:44 - 2011-01-09 12:13 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-16 17:44 - 2010-12-30 22:07 - 00000000 ___RD () C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 17:39 - 2010-12-30 22:07 - 00000000 ___RD () C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 17:36 - 2014-05-07 11:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 16:33 - 2013-08-07 13:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 12:11 - 2011-03-12 09:51 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-16 12:09 - 2013-02-06 18:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 _____ () C:\Users\Familie Hüneke\defogger_reenable
2014-05-15 19:33 - 2010-12-30 22:05 - 00000000 ____D () C:\Users\Familie Hüneke
2014-05-15 15:18 - 2013-10-12 14:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 15:18 - 2012-07-25 06:51 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 15:18 - 2011-08-26 21:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieUserList
2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieSiteList
2014-05-09 08:14 - 2014-05-15 15:31 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 15:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 18:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 06:40 - 2014-05-16 17:30 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 17:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 17:30 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 17:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 17:28 - 2011-01-17 08:36 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Local\CrashDumps
2014-04-26 10:45 - 2013-07-30 19:56 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Local\Microsoft Help

Some content of TEMP:
====================
C:\Users\Familie Hüneke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfuph15.dll
C:\Users\Familie Hüneke\AppData\Local\Temp\setup{090AB543-B1BE-4CB3-811E-A7AF6E5E4984}.exe
C:\Users\Familie Hüneke\AppData\Local\Temp\setup{2FB4C8D9-A030-46E7-898D-1C63DE7653EE}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe [2014-05-15 15:29] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-17 01:34

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by Familie Hüneke at 2014-05-17 09:06:15
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.1109.2212.39826 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.61109.2218 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1109.2212.39826 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Audio Converter version 6.3 (HKLM-x32\...\AVS Audio Converter 6.3_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CDex extraction audio (HKLM-x32\...\CDex) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Whiz (HKLM-x32\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Free YouTube to MP3 Converter version 3.10.17.221 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.10.17.221 - DVDVideoSoft Ltd.)
freeTunes*3.0 (HKLM-x32\...\{447E3935-A085-42D4-0001-8BE5E4034B40}) (Version: 3.0.11.1100 - Engelmann Media GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe)
Heavy Weather Pro WS 2800 EU (HKLM-x32\...\Heavy Weather Pro WS 2800_is1) (Version: - LaCrosse Technology EU)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.)
ICQ Toolbar (HKLM-x32\...\ICQToolbar) (Version: 3.0.0 - ICQ)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iSkysoft iTube Studio(Build 3.5.0.0) (HKLM-x32\...\iSkysoft iTube Studio_is1) (Version: 3.5.0.0 - iSkysoft Software)
iTube Player(Build 1.0.0) (HKLM-x32\...\iTube Player_is1) (Version: 1.0.0.6 - iSkySoft)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KVB-Erstattungsantrag PC 2.62 (HKLM-x32\...\KVB-Erstattungsantrag PC_is1) (Version: - KVB)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
Lexware buchhalter 2011 (HKLM-x32\...\{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}) (Version: 16.30.00.0179 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. KG)
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2013 - German/Deutsch (HKLM-x32\...\Office15.OMUI.de-de) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office O MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SharePoint Designer MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft X MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{a97f0ac6-e34b-400a-8ce4-c4a5ab45344e}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Packard Bell Game Console (x32 Version: - WildTangent) Hidden
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0806.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickSteuer Deluxe 2011 (HKLM-x32\...\{6BCC7669-A863-4C24-804B-9C811C102F71}) (Version: 17.08.00.0005 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer DELUXE Wissens-Center 2011 (HKLM-x32\...\{0ABA2DC3-B67B-4D87-AB1B-EC5E9CDF24B3}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) Registry Mechanic 10.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 10.0 - PC Tools) Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) 
Hidden <==== ATTENTION TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer) Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (HKLM-x32\...\{90150000-0015-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{02DD2FBD-76D9-4B8B-AAE6-657542F4F6E6}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{7FBE2D23-9F3C-4983-B927-2A4BF600B7A7}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2880980) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{A10C00F8-0A83-4A74-86C5-3D0F9879E101}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{49893259-C896-4972-9B6C-6B75790945F1}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{AFDC9BDD-5608-4A21-8066-13E2ACE1EDB4}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition 
(HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{65D789FD-9118-45AF-8DE4-F49F358A8525}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{65D789FD-9118-45AF-8DE4-F49F358A8525}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{B9DB28D9-15D0-4DDE-A123-C9B82AC9A579}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5EFADE14-CE0B-43BF-ADD2-850FCB79485F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{8E942418-D7DE-48A4-8210-AD994006EFAA}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{954A0EA5-CCCB-4B4E-8664-40E2CC8BBCBB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition 
(HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2878315) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{47A62B15-D0BF-4A2E-BCE2-939DB491D387}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft) Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008 - SweetIM Technologies Ltd.) 
Hidden <==== ATTENTION Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.37.3 - SuYin) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Yahoo! 
Detect (HKLM-x32\...\YTdetect) (Version: - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

16-05-2014 16:07:17 Removed Java 7 Update 25
16-05-2014 16:08:14 Removed Java 7 Update 25
16-05-2014 16:15:36 Removed SweetPacks bundle uninstaller
16-05-2014 16:16:03 Removed SweetPacks bundle uninstaller
16-05-2014 16:16:49 Removed SweetPacks bundle uninstaller
17-05-2014 01:00:14 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-01-21 17:59 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
74.208.10.249 gs.apple.com

==================== Scheduled Tasks (whitelisted) =============

Task: {02CE0596-0D8E-4CD4-A71A-A33B4CA5F985} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {18371D80-FFEF-4B2D-8766-428BD923B58C} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {2E1BED31-6F6A-4452-A888-044413529C29} - System32\Tasks\{C9532825-33DF-4EBB-A112-CF0AE6245CDE} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com)
Task: {334101C6-A515-4A9A-B287-0E28F47840AD} - System32\Tasks\{A585D0CD-D5A6-43CA-8C84-02090770408A} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com)
Task: {39924203-1F9C-431F-8CC1-8EA3870D7843} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5388A25B-F4C6-4671-94C5-218063408613} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06] (Google Inc.)
Task: {628230B4-4F92-439B-BD14-E9158ED1E7B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-21] (Microsoft Corporation)
Task: {637D3AD7-982C-4720-8014-BD969708C86E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6EB8F5C2-064A-4C86-98F1-267E66C0DAA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {8C1B1B86-7E8D-4CAF-8457-68ACF4EF89BC} - System32\Tasks\{216E5783-33D3-4C77-8664-027B09B78D88} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com)
Task: {8C68B635-0BE6-4965-8580-9E7CA1320FB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06] (Google Inc.)
Task: {9A987540-AF09-4C53-A9A6-ED273912BC92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {A4D91206-16CE-4E05-987D-1C617AB50BDA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {A945B832-7DA3-4855-AFA5-A6F0257113A1} - System32\Tasks\{E897978D-6DC0-4956-951D-151F43D8A078} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com)
Task: {B738C61F-647E-452E-9583-91533C31098F} - System32\Tasks\{AC73A295-92A4-4FA3-BE92-B202B59847C1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {D8478F34-DD21-4EE1-8EA6-FF4F8D9F22A5} - System32\Tasks\{FEA11B8E-9F42-4F8B-BA84-202FFAAA0377} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com)
Task: {E36F5D64-880E-4938-8B88-EE74A893E350} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {E7DF0D8B-2245-46B5-B2E7-51F57DDD43A3} - System32\Tasks\{E324BA03-D051-4A74-AE4F-83D04C7FD0CD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar
Task: {F060CED3-533A-4C31-A9B4-9458A0F867A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-21] (Microsoft Corporation)
Task: {FED480DC-C243-4A45-81B5-81DC161106C7} - System32\Tasks\{E494D829-1907-4C42-BEEF-DC6945FD1694} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-09 23:09 - 2011-11-09 23:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-21 18:37 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-30 19:25 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-01-25 19:40 - 2010-11-21 12:49 - 00247608 _____ () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files
(x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll 2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll 2012-04-06 10:07 - 2009-08-27 20:04 - 00159744 _____ () C:\Program Files (x86)\HeavyWeatherWV5\sHID.dll 2014-05-16 19:09 - 2014-05-16 19:09 - 00041984 _____ () C:\Users\Familie Hüneke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfuph15.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\libcef.dll 2010-10-25 14:28 - 2010-05-26 15:58 - 00046328 _____ () C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll 2010-10-25 14:28 - 2010-05-26 15:58 - 00038136 _____ () C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll 2013-11-15 21:02 - 2013-11-15 21:03 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe MSCONFIG\startupreg: msnmsgr => ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" 
/background MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader => C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor => "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/17/2014 08:59:30 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/17/2014 01:42:06 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/17/2014 01:40:57 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (05/16/2014 07:15:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/16/2014 07:15:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/16/2014 06:46:51 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/16/2014 06:31:15 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm mbam.exe, Version 1.0.0.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10dc Startzeit: 01cf7123d1bc2559 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe Berichts-ID: 72b813c0-dd17-11e3-a5f3-1c750800b7db Error: (05/16/2014 05:46:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm IEXPLORE.EXE, Version 11.0.9600.17041 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15d8 Startzeit: 01cf711d4b4cfc71 Endzeit: 119 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (05/16/2014 05:32:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm IEXPLORE.EXE, Version 11.0.9600.17041 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 42c Startzeit: 01cf711beb94dea3 Endzeit: 88 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (05/16/2014 05:31:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm IEXPLORE.EXE, Version 11.0.9600.17041 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1740 Startzeit: 01cf711b92e10118 Endzeit: 22 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: System errors: ============= Error: (05/16/2014 00:08:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070652 fehlgeschlagen: Update für Microsoft Outlook 2013 (KB2880470) 32-Bit-Edition Error: (05/16/2014 00:07:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070652 fehlgeschlagen: Sicherheitsupdate für Microsoft SharePoint Designer 2013 (KB2863836) 32-Bit-Edition Error: (05/15/2014 10:02:41 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 15.05.2014 um 22:00:52 unerwartet heruntergefahren. Error: (05/15/2014 09:32:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (05/15/2014 08:13:47 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 07:05:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. 
Error: (05/15/2014 07:05:39 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 02:57:12 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/12/2014 06:32:14 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/11/2014 03:37:14 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Microsoft Office Sessions: ========================= Error: (05/17/2014 08:59:30 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (05/17/2014 01:42:06 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (05/17/2014 01:40:57 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/16/2014 07:15:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_deu.exe Error: (05/16/2014 07:15:38 PM) (Source: 
SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_deu.exe Error: (05/16/2014 06:46:51 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_deu.exe Error: (05/16/2014 06:31:15 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: mbam.exe1.0.0.50010dc01cf7123d1bc255910C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe72b813c0-dd17-11e3-a5f3-1c750800b7db Error: (05/16/2014 05:46:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.1704115d801cf711d4b4cfc71119C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (05/16/2014 05:32:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.1704142c01cf711beb94dea388C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (05/16/2014 05:31:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.17041174001cf711b92e1011822C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==================== Memory info =========================== Percentage of memory in use: 57% Total physical RAM: 4090.9 MB Available physical RAM: 1737.64 MB Total Pagefile: 8179.98 MB Available Pagefile: 5719.5 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:452.66 GB) (Free:329.19 GB) NTFS Drive e: (THOMISTICK) (Removable) (Total:1.88 GB) 
(Free:1.86 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F324AF14)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

==================== End Of Log ============================
17.05.2014, 21:30 | #6 |
Rest in peace † 2019

Hello Thomas,

Step 1
Did you uninstall
- FileParadeBundle
- SweetIM for Messenger 3.7
- Update Manager for SweetPacks 1.1
? Please check again whether you can still uninstall them.

Step 2
Please download AdwCleaner to your desktop.

Step 3
Run FRST once more.
18.05.2014, 09:55 | #7 |
Hello Sandra,

I was able to remove the program FileParadeBundle. I did not find the programs
- SweetIM for Messenger 3.7
- Update Manager for SweetPacks 1.1
in my program list. I have attached the log files again.

Thanks and regards,
Thomas

AdwCleaner Logfile: Code:
# AdwCleaner v3.208 - Bericht erstellt am 18/05/2014 um 10:40:47
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Familie Hüneke - WOHNZIMMER
# Gestartet von : C:\Daten\Software\ADW_cleaner\adwcleaner_3.208.exe
# Option : Löschen
18.05.2014, 09:56 | #8 |
| FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 Ran by Familie Hüneke (administrator) on WOHNZIMMER on 18-05-2014 10:49:55 Running from E:\ Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (LaCrosse Technology) C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Dropbox, Inc.) C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-29] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [VideoWebCamera] => C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1545568 2010-05-26] (Suyin) HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [ICQ] => ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung) HKU\S-1-5-21-226801629-1694356093-2921946897-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) Startup: C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r= SearchScopes: HKCU - {0BA6F57F-AF92-491C-8675-A55E84FF3BE3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=a02c8609-cea3-4a4c-9069-8862b8756f9d&apn_sauid=EEB0CF73-5FA3-47A7-9DF8-05A17341F48A SearchScopes: HKCU - {0D7434EF-A769-4488-A0F2-E8D3F8F72EE5} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {3AAFA65F-3D8E-487E-8014-5A8CD9BBEBDF} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {5C4BB07E-4E95-450C-B02F-2F41FAC4B482} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {8E32ED50-5AD1-45C8-A8B9-B6DD94042D58} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {F596839C-A855-440B-9ACA-71C401DEA93D} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: iSkysoft iTube Studio - {0F789748-F853-4734-A187-A096F05306E5} - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: haufereader - No CLSID Value - Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler-x32: haufereader - No CLSID Value - Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files 
(x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 74.208.10.249 gs.apple.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: 
@Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\videomngr.xml FF SearchPlugin: C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: deeaLSter - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\fehraooy@sj-.edu [2014-02-14] FF Extension: FreeHDSport.TV - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\freehdsport@freehdsport.tv [2012-12-28] FF Extension: GoPhotoIt - C:\Users\Familie 
Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\gophoto@gophoto.it [2013-08-16] FF Extension: PPTCheckEr - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\iauaaio@iuya.net [2014-02-05] FF Extension: deal4Real - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\nwyh6eiae@uoeoucz-.co.uk [2014-01-29] FF Extension: BBetterPriceChec - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\ooy1efsw@cooyuouwm.org [2014-03-18] FF Extension: No Name - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\staged [2013-02-22] FF Extension: Flashblock - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-19] FF Extension: WEB.DE MailCheck - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\toolbar@web.de.xpi [2011-12-28] FF Extension: YouTube to MP3 - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\youtube2mp3@mondayx.de.xpi [2012-03-17] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF Extension: Adblock Plus - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-17] FF HKLM-x32\...\Firefox\Extensions: [{7F737E3E-993D-43AB-9109-90C4E82752CC}] - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ FF Extension: iSkysoft iTube Studio - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ [] FF HKCU\...\Firefox\Extensions: [{7F737E3E-993D-43AB-9109-90C4E82752CC}] - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ FF Extension: iSkysoft iTube 
Studio - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ [] Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC1D62378-D089-4A29-9A18-B980A298DD21&SSPV=" CHR DefaultSearchKeyword: conduit.search CHR DefaultSearchProvider: Conduit Search CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Ask Toolbar) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaplmcbjhigpfkmaffahlojgchbgfk [2013-08-10] CHR Extension: (iSkysoft iTube Studio) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afapmikcgbhfkecdhiokcgledjcpfbfd [2013-10-08] CHR Extension: (No Name) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok [2013-08-10] CHR Extension: (BBetterPriceChec) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaioaiklojlgnkabahipckfkoajbmako [2014-03-18] CHR Extension: (deal4Real) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\elklmgblhlhcjeildfhdbpgkkkfijfcj [2014-01-29] CHR Extension: (deeaLSter) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaonmipmkibfeihebmdoekopdimendbo [2014-02-14] CHR Extension: (No Name) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2013-08-10] CHR Extension: (No Name) - C:\Users\Familie 
Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-08-10] CHR Extension: (webSavver) - C:\ProgramData\ghonjeljkjgdkabddkchmhmmeipcnhip [2014-01-29] CHR HKLM-x32\...\Chrome\Extension: [aaaaplmcbjhigpfkmaffahlojgchbgfk] - C:\Users\Familie Hüneke\AppData\Local\APN\GoogleCRXs\aaaaplmcbjhigpfkmaffahlojgchbgfk_7.16.0.0.crx [2014-01-29] CHR HKLM-x32\...\Chrome\Extension: [afapmikcgbhfkecdhiokcgledjcpfbfd] - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRChromePlugin.crx [2013-10-08] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated) S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.) 
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools) R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 WV5Communication; C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe [1843712 2011-01-18] (LaCrosse Technology) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [204568 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr)) S1 klfbmhmg; \??\C:\Windows\system32\drivers\klfbmhmg.sys [X] S1 pwluztou; \??\C:\Windows\system32\drivers\pwluztou.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-18 10:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-18 10:38 - 2014-05-18 10:41 - 00000000 ____D () C:\AdwCleaner 2014-05-16 18:28 - 2014-05-18 10:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-16 18:27 - 2014-05-16 18:32 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-16 18:27 - 2014-05-16 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-16 18:27 - 2014-05-16 18:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-16 18:27 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-16 18:27 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-16 18:27 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-16 18:11 - 2014-02-13 16:57 - 00000426 _____ () C:\AVScanner.ini 2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deeaLSter 2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deal4Real 2014-05-16 17:44 - 2014-05-16 17:44 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\DropboxMaster 2014-05-16 17:30 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-16 17:30 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-16 17:30 - 2014-05-06 05:25 
- 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-16 17:30 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-16 17:30 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-16 17:29 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 19:40 - 2014-05-18 10:49 - 00000000 ____D () C:\FRST 2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 _____ () C:\Users\Familie Hüneke\defogger_reenable 2014-05-15 15:31 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 15:31 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 15:31 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 15:31 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 15:29 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 15:29 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 15:29 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 15:29 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 15:29 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 15:29 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 15:29 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 15:29 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 15:29 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 
15:29 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 15:29 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 15:29 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 15:29 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 15:29 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 15:29 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 15:29 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 15:29 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 15:29 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 15:29 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 15:29 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 15:29 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 15:29 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 15:29 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 15:29 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 15:29 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 15:29 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 15:29 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 15:29 
- 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 15:29 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 15:29 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieUserList 2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieSiteList 2014-05-07 11:25 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-07 11:25 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-07 11:25 - 2014-03-06 
10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-07 11:25 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-07 11:24 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-07 11:24 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-07 11:24 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-07 11:24 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-07 11:24 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-07 11:24 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-07 11:24 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-07 11:24 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-07 11:24 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-07 11:24 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-07 11:24 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-07 11:24 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-07 11:24 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-07 11:24 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-07 11:24 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-07 11:24 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) 
C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-07 11:24 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-07 11:24 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-07 11:24 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-07 11:24 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-07 11:24 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-07 11:24 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-07 11:24 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-07 11:24 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-07 11:24 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-07 11:24 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-07 11:24 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-07 11:24 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-07 11:24 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-07 11:24 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-07 11:24 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-07 11:24 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-07 11:24 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-07 11:24 - 2014-03-06 08:36 - 11745792 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-07 11:24 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-07 11:24 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-07 11:24 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-07 11:24 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-07 11:24 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-07 11:24 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-07 11:23 - 2014-05-16 17:36 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-05-18 10:49 - 2014-05-15 19:40 - 00000000 ____D () C:\FRST 2014-05-18 10:49 - 2013-08-17 16:59 - 01354567 _____ () C:\Windows\WindowsUpdate.log 2014-05-18 10:44 - 2011-01-09 12:15 - 00000000 ___RD () C:\Users\Familie Hüneke\Dropbox 2014-05-18 10:44 - 2011-01-09 12:12 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\Dropbox 2014-05-18 10:43 - 2014-05-16 18:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-18 10:43 - 2011-12-28 12:02 - 00000441 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-18 10:42 - 2013-12-15 09:52 - 00242906 _____ () C:\Windows\PFRO.log 2014-05-18 10:42 - 2013-11-23 13:39 - 00014766 _____ () C:\Windows\setupact.log 2014-05-18 10:42 - 2011-02-06 22:47 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-18 10:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-18 10:41 - 2014-05-18 10:38 - 00000000 ____D () C:\AdwCleaner 2014-05-18 10:40 - 2010-12-30 19:29 - 00000000 ____D () C:\ProgramData\ICQ 2014-05-18 10:33 - 2013-10-12 14:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player 
Updater.job 2014-05-18 10:33 - 2011-02-06 22:47 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-17 11:05 - 2010-12-30 16:15 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\Skype 2014-05-17 11:02 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-17 11:02 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-17 03:01 - 2013-07-30 19:56 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-17 03:01 - 2009-07-14 04:34 - 00000534 _____ () C:\Windows\win.ini 2014-05-17 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 19:13 - 2010-10-26 00:11 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-05-16 19:13 - 2010-10-26 00:11 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-05-16 19:13 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-16 19:03 - 2014-03-18 16:08 - 00000000 ____D () C:\ProgramData\LuckyyShoopperr 2014-05-16 19:03 - 2014-02-14 18:05 - 00000000 ____D () C:\ProgramData\deeaLSter 2014-05-16 19:03 - 2014-02-02 21:19 - 00000000 ____D () C:\ProgramData\PPTCheckEr 2014-05-16 19:03 - 2014-01-29 18:01 - 00000000 ____D () C:\ProgramData\deal4Real 2014-05-16 18:32 - 2014-05-16 18:27 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-16 18:32 - 2014-05-16 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-16 18:32 - 2014-05-16 18:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-16 18:27 - 2012-05-13 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-16 18:11 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 18:10 - 2011-01-20 17:55 - 00000000 ____D () C:\Program Files 
(x86)\Java 2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deeaLSter 2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deal4Real 2014-05-16 18:03 - 2014-01-29 18:01 - 00000000 ____D () C:\ProgramData\4dbbd86b8e00d967 2014-05-16 17:44 - 2014-05-16 17:44 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\DropboxMaster 2014-05-16 17:44 - 2012-02-05 17:13 - 00001847 _____ () C:\Windows\wininit.ini 2014-05-16 17:44 - 2011-01-09 12:13 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-16 17:44 - 2010-12-30 22:07 - 00000000 ___RD () C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 17:39 - 2010-12-30 22:07 - 00000000 ___RD () C:\Users\Familie Hüneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 17:36 - 2014-05-07 11:23 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-16 16:33 - 2013-08-07 13:32 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-16 12:11 - 2011-03-12 09:51 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-16 12:09 - 2013-02-06 18:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 _____ () C:\Users\Familie Hüneke\defogger_reenable 2014-05-15 19:33 - 2010-12-30 22:05 - 00000000 ____D () C:\Users\Familie Hüneke 2014-05-15 15:18 - 2013-10-12 14:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-15 15:18 - 2012-07-25 06:51 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-15 15:18 - 2011-08-26 21:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () C:\Users\Familie Hüneke\AppData\Local\EmieUserList 2014-05-10 08:32 - 2014-05-10 08:32 - 00000000 __SHD () 
C:\Users\Familie Hüneke\AppData\Local\EmieSiteList 2014-05-09 08:14 - 2014-05-15 15:31 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 15:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-07 18:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-06 06:40 - 2014-05-16 17:30 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-16 17:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-16 17:30 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-16 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-16 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-16 17:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-03 17:28 - 2011-01-17 08:36 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Local\CrashDumps 2014-04-26 10:45 - 2013-07-30 19:56 - 00000000 ____D () C:\Users\Familie Hüneke\AppData\Local\Microsoft Help Some content of TEMP: ==================== C:\Users\Familie Hüneke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprfiqkx.dll C:\Users\Familie Hüneke\AppData\Local\Temp\Quarantine.exe C:\Users\Familie Hüneke\AppData\Local\Temp\setup{090AB543-B1BE-4CB3-811E-A7AF6E5E4984}.exe C:\Users\Familie Hüneke\AppData\Local\Temp\setup{2FB4C8D9-A030-46E7-898D-1C63DE7653EE}.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 15:29] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 
is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-17 01:34

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014 Ran by Familie Hüneke at 2014-05-18 10:51:07 Running from E:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) 
Hidden AMD Catalyst Install Manager (HKLM\...\{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2011.1109.2212.39826 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.61109.2218 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2011.1109.2212.39826 - Ihr Firmenname) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVS Audio Converter version 6.3 (HKLM-x32\...\AVS Audio Converter 6.3_is1) (Version: - Online Media Technologies Ltd.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561 - ATI Technologies, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) CDex extraction audio (HKLM-x32\...\CDex) (Version: - ) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Driver Whiz (HKLM-x32\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz) Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen) ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation) Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time) Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube to MP3 Converter version 3.10.17.221 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.10.17.221 - DVDVideoSoft Ltd.) freeTunes*3.0 (HKLM-x32\...\{447E3935-A085-42D4-0001-8BE5E4034B40}) (Version: 3.0.11.1100 - Engelmann Media GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG) Haufe iDesk-Service (HKLM-x32\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe) Heavy Weather Pro WS 2800 EU (HKLM-x32\...\Heavy Weather Pro WS 2800_is1) (Version: - LaCrosse Technology EU) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.) ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) iSkysoft iTube Studio(Build 3.5.0.0) (HKLM-x32\...\iSkysoft iTube Studio_is1) (Version: 3.5.0.0 - iSkysoft Software) iTube Player(Build 1.0.0) (HKLM-x32\...\iTube Player_is1) (Version: 1.0.0.6 - iSkySoft) iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.) 
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden KVB-Erstattungsantrag PC 2.62 (HKLM-x32\...\KVB-Erstattungsantrag PC_is1) (Version: - KVB) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell) Lexware buchhalter 2011 (HKLM-x32\...\{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}) (Version: 16.30.00.0179 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (HKLM-x32\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. KG) Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG) Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version: - ) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Groove MUI (German) 2013 
(x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Language Pack 2013 - German/Deutsch (HKLM-x32\...\Office15.OMUI.de-de) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office O MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4605.1003 - Microsoft Corporation) Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneNote MUI (German) 2013 (x32 Version: 
15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft SharePoint Designer MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) 
Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft X MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 9 Essentials (HKLM-x32\...\{a97f0ac6-e34b-400a-8ce4-c4a5ab45344e}) (Version: - Nero AG) Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 
- Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG) Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Packard Bell Game Console (x32 Version: - WildTangent) Hidden Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent) Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell) Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell) Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell) Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell) Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0806.2010 - Packard Bell ) Packard Bell Social 
Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.) Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden QuickSteuer Deluxe 2011 (HKLM-x32\...\{6BCC7669-A863-4C24-804B-9C811C102F71}) (Version: 17.08.00.0005 - Haufe-Lexware GmbH & Co.KG) QuickSteuer DELUXE Wissens-Center 2011 (HKLM-x32\...\{0ABA2DC3-B67B-4D87-AB1B-EC5E9CDF24B3}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG) QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) Registry Mechanic 10.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 10.0 - PC Tools) Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) 
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer) Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (HKLM-x32\...\{90150000-0015-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{02DD2FBD-76D9-4B8B-AAE6-657542F4F6E6}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{7FBE2D23-9F3C-4983-B927-2A4BF600B7A7}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2880980) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{A10C00F8-0A83-4A74-86C5-3D0F9879E101}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{49893259-C896-4972-9B6C-6B75790945F1}) (Version: - Microsoft) 
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{AFDC9BDD-5608-4A21-8066-13E2ACE1EDB4}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{65D789FD-9118-45AF-8DE4-F49F358A8525}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{65D789FD-9118-45AF-8DE4-F49F358A8525}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{B9DB28D9-15D0-4DDE-A123-C9B82AC9A579}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5EFADE14-CE0B-43BF-ADD2-850FCB79485F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{8E942418-D7DE-48A4-8210-AD994006EFAA}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{954A0EA5-CCCB-4B4E-8664-40E2CC8BBCBB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version: - Microsoft) Update for Microsoft Office 2013 
(KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2878315) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{47A62B15-D0BF-4A2E-BCE2-939DB491D387}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.OMUI.de-de_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft) Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.37.3 - SuYin) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp 
Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Yahoo! 
Detect (HKLM-x32\...\YTdetect) (Version: - ) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Restore Points ========================= 16-05-2014 16:07:17 Removed Java 7 Update 25 16-05-2014 16:08:14 Removed Java 7 Update 25 16-05-2014 16:15:36 Removed SweetPacks bundle uninstaller 16-05-2014 16:16:03 Removed SweetPacks bundle uninstaller 16-05-2014 16:16:49 Removed SweetPacks bundle uninstaller 17-05-2014 01:00:14 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2011-01-21 17:59 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts 74.208.10.249 gs.apple.com ==================== Scheduled Tasks (whitelisted) ============= Task: {02CE0596-0D8E-4CD4-A71A-A33B4CA5F985} - \BitGuard No Task File <==== ATTENTION Task: {18371D80-FFEF-4B2D-8766-428BD923B58C} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {2E1BED31-6F6A-4452-A888-044413529C29} - System32\Tasks\{C9532825-33DF-4EBB-A112-CF0AE6245CDE} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {334101C6-A515-4A9A-B287-0E28F47840AD} - System32\Tasks\{A585D0CD-D5A6-43CA-8C84-02090770408A} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {39924203-1F9C-431F-8CC1-8EA3870D7843} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {5388A25B-F4C6-4671-94C5-218063408613} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06] (Google Inc.) 
Task: {628230B4-4F92-439B-BD14-E9158ED1E7B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-21] (Microsoft Corporation) Task: {637D3AD7-982C-4720-8014-BD969708C86E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6EB8F5C2-064A-4C86-98F1-267E66C0DAA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {8C1B1B86-7E8D-4CAF-8457-68ACF4EF89BC} - System32\Tasks\{216E5783-33D3-4C77-8664-027B09B78D88} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {8C68B635-0BE6-4965-8580-9E7CA1320FB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06] (Google Inc.) Task: {9A987540-AF09-4C53-A9A6-ED273912BC92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated) Task: {A4D91206-16CE-4E05-987D-1C617AB50BDA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation) Task: {A945B832-7DA3-4855-AFA5-A6F0257113A1} - System32\Tasks\{E897978D-6DC0-4956-951D-151F43D8A078} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {B738C61F-647E-452E-9583-91533C31098F} - System32\Tasks\{AC73A295-92A4-4FA3-BE92-B202B59847C1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) 
Task: {D8478F34-DD21-4EE1-8EA6-FF4F8D9F22A5} - System32\Tasks\{FEA11B8E-9F42-4F8B-BA84-202FFAAA0377} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: {E36F5D64-880E-4938-8B88-EE74A893E350} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {E7DF0D8B-2245-46B5-B2E7-51F57DDD43A3} - System32\Tasks\{E324BA03-D051-4A74-AE4F-83D04C7FD0CD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar Task: {F060CED3-533A-4C31-A9B4-9458A0F867A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-21] (Microsoft Corporation) Task: {FED480DC-C243-4A45-81B5-81DC161106C7} - System32\Tasks\{E494D829-1907-4C42-BEEF-DC6945FD1694} => C:\Users\Familie Hüneke\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-11-09 23:09 - 2011-11-09 23:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-03-21 18:37 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-07-30 19:25 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ 
() C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll 2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll 2012-04-06 10:07 - 2009-08-27 20:04 - 00159744 _____ () C:\Program Files (x86)\HeavyWeatherWV5\sHID.dll 2010-10-25 14:28 - 2010-05-26 15:58 - 00046328 _____ () C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll 2010-10-25 14:28 - 2010-05-26 15:58 - 00038136 _____ () C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll 2014-05-18 10:44 - 2014-05-18 10:44 - 00041984 _____ () C:\Users\Familie Hüneke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprfiqkx.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Familie Hüneke\AppData\Roaming\Dropbox\bin\libcef.dll 2013-11-15 21:02 - 2013-11-15 21:03 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe MSCONFIG\startupreg: msnmsgr => ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe MSCONFIG\startupreg: SSDMonitor => C:\Program 
Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader => C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor => "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/18/2014 10:37:23 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (05/18/2014 10:37:22 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (05/17/2014 05:03:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3261 Error: (05/17/2014 05:03:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3261 Error: (05/17/2014 05:03:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/17/2014 05:03:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2075 Error: (05/17/2014 05:03:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2075 Error: (05/17/2014 05:03:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/17/2014 05:03:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1077 Error: (05/17/2014 05:03:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1077 System errors: ============= Error: (05/17/2014 10:57:06 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/16/2014 00:08:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070652 fehlgeschlagen: Update für Microsoft Outlook 2013 (KB2880470) 32-Bit-Edition Error: (05/16/2014 00:07:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070652 fehlgeschlagen: Sicherheitsupdate für Microsoft SharePoint Designer 2013 (KB2863836) 32-Bit-Edition Error: (05/15/2014 10:02:41 PM) (Source: EventLog) (EventID: 6008) (User: ) 
Description: Das System wurde zuvor am 15.05.2014 um 22:00:52 unerwartet heruntergefahren. Error: (05/15/2014 09:32:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (05/15/2014 08:13:47 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 07:05:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (05/15/2014 07:05:39 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 02:57:12 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/12/2014 06:32:14 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Microsoft Office Sessions: ========================= Error: (05/18/2014 10:37:23 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Daten\Software\SoftonicDownloader_fuer_mp3directcut.exe Error: (05/18/2014 10:37:22 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Daten\Software\SoftonicDownloader_fuer_cyberlink-powercinema.exe Error: (05/17/2014 05:03:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3261 Error: (05/17/2014 05:03:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task 
Scheduling Error: m->NextScheduledEvent 3261 Error: (05/17/2014 05:03:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/17/2014 05:03:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2075 Error: (05/17/2014 05:03:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2075 Error: (05/17/2014 05:03:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/17/2014 05:03:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1077 Error: (05/17/2014 05:03:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1077 ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 4090.9 MB Available physical RAM: 1778.4 MB Total Pagefile: 8179.98 MB Available Pagefile: 5510.43 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:452.66 GB) (Free:329.07 GB) NTFS Drive e: (THOMISTICK) (Removable) (Total:1.88 GB) (Free:1.86 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F324AF14) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 6E652072) No partition Table on disk 1. ==================== End Of Log ============================ |
18.05.2014, 22:57 | #9 |
Rest in peace † 2019 | Windows 7: Web pages are redirected to advertising and new ones are opened automatically

Hello Thomas, well done. You really have picked up a lot of adware and a pile of unwanted programs. In future you should take more care to download software mainly directly from the vendor and not via sites like Softonic; even Chip should be treated with caution. How is the computer running at the moment?

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {0BA6F57F-AF92-491C-8675-A55E84FF3BE3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=a02c8609-cea3-4a4c-9069-8862b8756f9d&apn_sauid=EEB0CF73-5FA3-47A7-9DF8-05A17341F48A
FF Extension: deeaLSter - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\fehraooy@sj-.edu [2014-02-14]
FF Extension: deal4Real - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\nwyh6eiae@uoeoucz-.co.uk [2014-01-29]
FF Extension: BBetterPriceChec - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\ooy1efsw@cooyuouwm.org [2014-03-18]
FF Extension: PPTCheckEr - C:\Users\Familie Hüneke\AppData\Roaming\Mozilla\Firefox\Profiles\t8r4wrby.default\Extensions\iauaaio@iuya.net [2014-02-05]
CHR Extension: (Ask Toolbar) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaplmcbjhigpfkmaffahlojgchbgfk [2013-08-10]
CHR Extension: (BBetterPriceChec) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaioaiklojlgnkabahipckfkoajbmako [2014-03-18]
CHR Extension: (deal4Real) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\elklmgblhlhcjeildfhdbpgkkkfijfcj [2014-01-29]
CHR Extension: (deeaLSter) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaonmipmkibfeihebmdoekopdimendbo [2014-02-14]
CHR Extension: (No Name) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok [2013-08-10]
CHR Extension: (No Name) - C:\Users\Familie Hüneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-08-10]
CHR Extension: (webSavver) - C:\ProgramData\ghonjeljkjgdkabddkchmhmmeipcnhip [2014-01-29]
CHR HKLM-x32\...\Chrome\Extension: [aaaaplmcbjhigpfkmaffahlojgchbgfk] - C:\Users\Familie Hüneke\AppData\Local\APN\GoogleCRXs\aaaaplmcbjhigpfkmaffahlojgchbgfk_7.16.0.0.crx [2014-01-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deeaLSter
2014-05-16 18:03 - 2014-05-16 18:03 - 00000000 ____D () C:\Program Files (x86)\deal4Real
2014-05-16 18:03 - 2014-01-29 18:01 - 00000000 ____D () C:\ProgramData\4dbbd86b8e00d967
2014-05-16 19:03 - 2014-03-18 16:08 - 00000000 ____D () C:\ProgramData\LuckyyShoopperr
2014-05-16 19:03 - 2014-02-14 18:05 - 00000000 ____D () C:\ProgramData\deeaLSter
2014-05-16 19:03 - 2014-02-02 21:19 - 00000000 ____D () C:\ProgramData\PPTCheckEr
2014-05-16 19:03 - 2014-01-29 18:01 - 00000000 ____D () C:\ProgramData\webSavver
2014-05-16 19:03 - 2014-01-29 18:01 - 00000000 ____D () C:\ProgramData\deal4Real
2014-05-16 19:03 - 2012-10-27 15:47 - 00000000 ____D () C:\Program Files (x86)\SweetIM
2014-05-16 18:19 - 2013-12-28 15:27 - 00000000 ____D () C:\ProgramData\Websteroids
2014-05-16 18:03 - 2014-01-29 18:01 - 00000000 ____D () C:\ProgramData\4dbbd86b8e00d96
C:\Program Files (x86)\Ask.com
Task: {02CE0596-0D8E-4CD4-A71A-A33B4CA5F985} - \BitGuard No Task File <==== ATTENTION
Task: {18371D80-FFEF-4B2D-8766-428BD923B58C} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {E36F5D64-880E-4938-8B88-EE74A893E350} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Conduit is set as the start page in your Chrome browser. Reset your start page following these instructions.
Step 3
Step 4
Step 5
Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
OK. As far as I can see, we have now removed everything malicious. Your logs are clean. To finish, we will tidy up a little and run updates, and then I will give you some reading material.
Step 1
If you no longer need Malwarebytes Anti-Malware and the ESET online scan, you can simply uninstall both programs via the program uninstaller. However, I recommend that you keep at least Malwarebytes and run a check scan with it once a week.
Step 2
Please download delfix to your desktop.
Updates / updating programs
Please download the current Firefox from here. Finally, a few tips for securing your system.
Keeping the system up to date
It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
Antivirus software
Additional protection
Alternative browsers
Other browsers tend to be somewhat more secure than Internet Explorer, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance
Delete your temporary files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they speed it up.
Rules of conduct for safer surfing
All that remains is for me to wish you lots of fun surfing safely. Note: Please give me brief feedback once everything is done and you have no more questions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something for the forum and our work, you can do so here. Last edited by Bootsektor (18.05.2014 at 23:08) |
20.05.2014, 15:57 | #10 |
| Windows 7: Web pages are redirected to advertising and new ones are opened automatically Hello Sandra, Yes, the laptop is used by 5 people, and perhaps not all of them paid much attention to how software is downloaded and from which sites. The PC now runs considerably better. I won't have time over the next few days to carry out the further checks. I will have time again on Saturday and will get back to you then. Regarding the actions for the Chrome browser settings, I found nothing under my login. But as I said, there are other users who use the Chrome browser; I will check those now as well. Thanks and regards, Thomas |
24.05.2014, 15:04 | #12 |
| Windows 7: Web pages are redirected to advertising and new ones are opened automatically Hello Sandra, Great work. The laptop is running superbly again. I have completed all the concluding actions. I have just sent off my positive feedback. Thanks and regards, Thomas |
27.05.2014, 11:00 | #13 |
Rest in peace † 2019 | Windows 7: Web pages are redirected to advertising and new ones are opened automatically Hello Thomas, thank you very much for your praise, you are welcome. This topic is therefore closed. If you have any further questions or there are problems, please send me a PM. Everyone else, please click here and create your own thread. |