Log analysis and evaluation: WIN7: AVAST reports Win32:Bprotect-D /-F /-H and others, computer is running

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.05.2014, 10:59 | #1 |
WIN7: AVAST reports Win32:Bprotect-D /-F /-H and others, computer is running

I am a user with only rudimentary knowledge. The problem is my son's computer (he is 13). He is actually supposed to use the "Yannik" account, but unfortunately he also knew the passwords of the "Freunde" and "Supervisor" accounts. Besides games and a few add-ons, he apparently also looked at sites with pornographic content. In January 2014 he told me that the computer had apparently been locked (U-Cash demand, BKA trojan or similar). At first he tried a lot of things (which can no longer be reconstructed) and also used a rescue CD from ComputerBild. Only when nothing worked any more (booting was not possible) did he come to me. The computer then sat unused for a longer time, and without my actually having done anything it booted into "Supervisor" quite normally. Unfortunately there were no old restore points. A reinstallation of Win7 was not possible for me, because my son can no longer find the installation CD (the PC was bought new with a DELL system). I then only ran Windows Update and installed AVAST. It found a number of malware items etc. and three trojans (as written in the thread title). Following the instructions, I ran the scans with defogger, FRST and GMER and also put the Avast log file on the desktop. I will now try to paste the log files here as described:

defogger_disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:14 on 24/05/2014 (Supervisor)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Supervisor (administrator) on YANNIK-NB on 24-05-2014 10:15:43
Running from C:\Users\Supervisor\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7541976 2014-04-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-26] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2260964575-2753946872-1401531445-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2260964575-2753946872-1401531445-1007\...\MountPoints2: {cac5b64f-f376-11e0-b7a0-806e6f6e6963} - D:\zdata\cobi.exe
Startup: C:\Users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Yannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk
ShortcutTarget: GlobeTrotter Connect.lnk -> C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option)
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1002\User: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1001\User: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCCD51E63205ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0B0EtDzyyB0AzyyBtC0DtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1416129183&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0B0EtDzyyB0AzyyBtC0DtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1416129183&ir=
SearchScopes: HKLM - {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM - {6AC7F7A6-4DA3-6240-2E01-7B007B044D31} URL =
SearchScopes: HKLM-x32 - {47420D7F-BE7F-3E26-CF12-4AA921CD5257} URL =
SearchScopes: HKLM-x32 - {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {4189992F-9A16-4604-80F5-C8E63760BA87} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4189992F-9A16-4604-80F5-C8E63760BA87} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Supervisor\AppData\Roaming\Mozilla\Firefox\Profiles\wbyrsny3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-07]
CHR Extension: (Google Drive) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
CHR Extension: (YouTube) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07]
CHR Extension: (Google-Suche) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07]
CHR Extension: (Google Wallet) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-07]
CHR Extension: (Google Mail) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-26]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-26] ()
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [130048 2009-06-11] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [86528 2009-06-11] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10496 2009-06-11] (Option N.V.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-24 10:15 - 2014-05-24 10:15 - 00013584 _____ () C:\Users\Supervisor\Downloads\FRST.txt
2014-05-24 10:15 - 2014-05-24 10:15 - 00000000 ____D () C:\FRST
2014-05-24 10:14 - 2014-05-24 10:14 - 00000482 _____ () C:\Users\Supervisor\Desktop\defogger_disable.log
2014-05-24 10:14 - 2014-05-24 10:14 - 00000000 _____ () C:\Users\Supervisor\defogger_reenable
2014-05-23 21:04 - 2014-05-23 21:04 - 00001816 _____ () C:\Users\Yannik\Desktop\League of Legends (2).lnk
2014-05-23 21:04 - 2014-05-23 21:04 - 00000178 _____ () C:\Users\Yannik\Desktop\Neue Verknüpfung.lnk
2014-05-23 18:45 - 2014-05-23 18:45 - 00000000 ___RD () C:\Users\Supervisor\AppData\Roaming\Brother
2014-05-23 18:43 - 2014-05-23 18:43 - 00380416 _____ () C:\Users\Supervisor\Downloads\Gmer-19357.exe
2014-05-23 18:42 - 2014-05-23 18:43 - 02067456 _____ (Farbar) C:\Users\Supervisor\Downloads\FRST64.exe
2014-05-23 18:41 - 2014-05-23 18:41 - 00050477 _____ () C:\Users\Supervisor\Downloads\Defogger.exe
2014-05-20 01:30 - 2014-05-20 01:30 - 00000000 ____D () C:\Users\Freunde\AppData\Local\Google
2014-05-19 23:20 - 2014-05-19 23:20 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\LolClient
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\AVAST Software
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Local\LogMeIn
2014-05-15 08:12 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 08:12 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 08:12 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 08:12 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 08:12 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 08:12 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 07:30 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 07:30 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 07:30 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 07:30 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 07:29 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 07:29 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 07:29 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 07:29 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 07:28 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 07:28 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 07:28 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 07:28 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 07:28 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 07:28 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 07:28 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 07:28 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 07:28 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 07:28 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 07:28 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 07:28 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 07:28 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 07:28 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 07:28 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 07:28 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 07:28 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 07:28 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 07:28 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 07:28 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 07:28 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 07:28 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 07:28 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 07:28 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 07:28 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 07:28 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 07:28 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 19:31 - 2014-05-14 19:31 - 00000000 ____D () C:\Users\Yannik\AppData\Local\LogMeIn
2014-05-14 18:48 - 2014-05-14 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 18:48 - 2014-05-14 18:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-07 17:22 - 2014-05-07 17:22 - 00002220 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-05-07 17:22 - 2014-05-07 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-07 17:20 - 2014-05-16 15:35 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-07 17:20 - 2014-05-07 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-07 17:18 - 2014-05-24 10:10 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 17:18 - 2014-05-23 21:31 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 17:18 - 2014-05-10 05:26 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 17:18 - 2014-05-10 05:26 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 17:18 - 2014-05-07 17:22 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Google
2014-05-07 17:18 - 2014-05-07 17:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-06 07:48 - 2014-05-15 08:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-04 13:40 - 2014-05-04 13:40 - 00028913 _____ () C:\Users\Supervisor\Documents\Unbenannt 2.odt
2014-05-04 13:26 - 2014-05-04 13:26 - 00020699 _____ () C:\Users\Supervisor\Documents\Politik Projekt.odt
2014-05-04 12:53 - 2014-04-25 18:01 - 00001613 _____ () C:\Users\Yannik\Desktop\Play League of Legends.lnk
2014-05-04 12:47 - 2014-05-04 12:47 - 00001816 _____ () C:\Users\Yannik\Desktop\League of Legends.lnk
2014-05-02 04:00 - 2014-05-02 04:00 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Macromedia
2014-05-02 00:04 - 2014-05-02 00:04 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Mozilla
2014-05-02 00:04 - 2014-05-02 00:04 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Mozilla
2014-04-29 15:28 - 2014-04-29 15:32 - 00000000 ____D () C:\AdwCleaner
2014-04-26 17:51 - 2014-04-26 17:51 - 00000000 ____D () C:\Users\Yannik\AppData\Roaming\LolClient
2014-04-26 08:47 - 2014-04-26 08:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-26 08:47 - 2014-04-26 08:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-25 20:16 - 2014-04-25 20:16 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\LolClient
2014-04-25 18:01 - 2014-04-25 18:01 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-04-25 18:01 - 2014-04-25 18:01 - 00000000 ____D () C:\Riot Games
2014-04-25 18:01 - 2014-04-25 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-04-25 17:54 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-04-25 17:54 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-04-25 17:54 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-04-25 17:35 - 2014-04-25 17:35 - 00000000 ____D () C:\Users\Yannik\AppData\Roaming\Riot Games
2014-04-25 17:25 - 2014-05-12 04:06 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\PMB Files
2014-04-25 17:25 - 2014-05-08 18:27 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-25 17:25 - 2014-04-25 17:25 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-04-25 17:24 - 2014-04-25 17:25 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Riot Games
2014-04-25 17:12 - 2014-04-25 17:12 - 00002517 _____ () C:\Users\Yannik\Desktop\Skype.lnk
2014-04-25 17:12 - 2014-04-25 17:12 - 00002517 _____ () C:\Users\Yannik\Desktop\Skype (2).lnk

==================== One Month Modified Files and Folders =======

2014-05-24 10:15 - 2014-05-24 10:15 - 00013584 _____ () C:\Users\Supervisor\Downloads\FRST.txt
2014-05-24 10:15 - 2014-05-24 10:15 - 00000000 ____D () C:\FRST
2014-05-24 10:15 - 2011-05-07 01:46 - 01218478 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 10:14 - 2014-05-24 10:14 - 00000482 _____ () C:\Users\Supervisor\Desktop\defogger_disable.log
2014-05-24 10:14 - 2014-05-24 10:14 - 00000000 _____ () C:\Users\Supervisor\defogger_reenable
2014-05-24 10:14 - 2013-09-22 14:50 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\LogMeIn Hamachi
2014-05-24 10:14 - 2013-09-22 14:43 - 00000000 ____D () C:\Users\Supervisor
2014-05-24 10:12 - 2014-04-17 12:17 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-05-24 10:12 - 2013-09-22 14:48 - 00000680 __RSH () C:\Users\Supervisor\ntuser.pol
2014-05-24 10:10 - 2014-05-07 17:18 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 10:10 - 2013-02-06 19:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 10:09 - 2011-05-16 01:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-24 10:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-24 10:09 - 2009-07-14 06:51 - 00124506 _____ () C:\Windows\setupact.log
2014-05-23 23:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-05-23 23:03 - 2013-09-17 17:35 - 00000000 ____D () C:\Users\Freunde\AppData\Local\CrashDumps
2014-05-23 23:01 - 2012-05-05 16:57 - 01460074 __RSH () C:\Users\Freunde\ntuser.pol
2014-05-23 23:01 - 2012-05-05 16:57 - 00661356 __RSH () C:\Users\Yannik\ntuser.pol
2014-05-23 23:01 - 2012-05-05 16:13 - 00000000 ____D () C:\Users\Freunde
2014-05-23 23:01 - 2011-10-14 16:32 - 00000000 ____D () C:\Users\Yannik
2014-05-23 23:00 - 2013-09-15 12:56 - 00000000 ____D () C:\Users\Freunde\AppData\Local\LogMeIn Hamachi
2014-05-23 22:54 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 22:54 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 22:48 - 2013-02-04 22:38 - 00000000 ____D () C:\Users\Yannik\AppData\Roaming\Skype
2014-05-23 22:44 - 2013-02-08 00:00 - 00000000 ____D () C:\Users\Yannik\AppData\Local\LogMeIn Hamachi
2014-05-23 21:31 - 2014-05-07 17:18 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-23 21:04 - 2014-05-23 21:04 - 00001816 _____ () C:\Users\Yannik\Desktop\League of Legends (2).lnk
2014-05-23 21:04 - 2014-05-23 21:04 - 00000178 _____ () C:\Users\Yannik\Desktop\Neue Verknüpfung.lnk
2014-05-23 21:04 - 2014-04-15 17:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-23 18:45 - 2014-05-23 18:45 - 00000000 ___RD () C:\Users\Supervisor\AppData\Roaming\Brother
2014-05-23 18:43 - 2014-05-23 18:43 - 00380416 _____ () C:\Users\Supervisor\Downloads\Gmer-19357.exe
2014-05-23 18:43 - 2014-05-23 18:42 - 02067456 _____ (Farbar) C:\Users\Supervisor\Downloads\FRST64.exe
2014-05-23 18:41 - 2014-05-23 18:41 - 00050477 _____ () C:\Users\Supervisor\Downloads\Defogger.exe
2014-05-23 09:07 - 2014-04-15 16:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-22 18:24 - 2013-09-28 12:26 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\CrashDumps
2014-05-22 18:19 - 2011-05-07 02:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-22 10:49 - 2010-11-21 08:50 - 01791316 _____ () C:\Windows\system32\perfh007.dat
2014-05-22 10:49 - 2010-11-21 08:50 - 00491516 _____ () C:\Windows\system32\perfc007.dat
2014-05-22 10:49 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 01:30 - 2014-05-20 01:30 - 00000000 ____D () C:\Users\Freunde\AppData\Local\Google
2014-05-19 23:20 - 2014-05-19 23:20 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\LolClient
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\AVAST Software
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Local\LogMeIn
2014-05-19 23:18 - 2012-05-05 16:13 - 00001433 _____ () C:\Users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-19 23:18 - 2012-05-05 16:13 - 00000000 ___RD () C:\Users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 23:18 - 2012-05-05 16:13 - 00000000 ___RD () C:\Users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 23:18 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-17 22:08 - 2011-10-14 16:34 - 00000000 ___RD () C:\Users\Yannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 22:08 - 2011-10-14 16:34 - 00000000 ___RD () C:\Users\Yannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 22:05 - 2014-04-17 12:17 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\DiskDefrag
2014-05-16 15:35 - 2014-05-07 17:20 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 15:14 - 2014-04-15 17:23 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-16 15:14 - 2014-04-15 17:22 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-16 15:14 - 2014-04-15 17:22 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 08:26 - 2013-09-22 14:49 - 00000000 ___RD () C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 08:26 - 2013-09-22 14:49 - 00000000 ___RD () C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:16 - 2014-05-06 07:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 08:11 - 2013-08-29 13:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 08:10 - 2013-02-06 19:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 08:10 - 2013-02-06 19:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 08:10 - 2013-02-06 19:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 08:07 - 2012-08-23 14:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:31 - 2014-05-14 19:31 - 00000000 ____D () C:\Users\Yannik\AppData\Local\LogMeIn
2014-05-14 18:48 - 2014-05-14 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 18:48 - 2014-05-14 18:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-13 17:22 - 2011-10-17 15:27 - 00000000 ____D () C:\Users\Yannik\AppData\Local\CrashDumps
2014-05-12 04:06 - 2014-04-25 17:25 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\PMB Files
2014-05-11 14:56 - 2013-02-05 16:14 - 00000000 ____D () C:\Users\Yannik\Desktop\Neuer Ordner
2014-05-10 05:26 - 2014-05-07 17:18 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 05:26 - 2014-05-07 17:18 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-15 07:30 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 07:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 18:27 - 2014-04-25 17:25 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-08 09:01 - 2010-11-21 05:47 - 00161584 _____ () C:\Windows\PFRO.log
2014-05-07 17:22 - 2014-05-07 17:22 - 00002220 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-05-07 17:22 - 2014-05-07 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-07 17:22 - 2014-05-07 17:18 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Google
2014-05-07 17:22 - 2014-05-07 17:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-07 17:20 - 2014-05-07 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 06:40 - 2014-05-15 08:12 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 08:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 08:12 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 08:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 08:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 08:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 13:40 - 2014-05-04 13:40 - 00028913 _____ () C:\Users\Supervisor\Documents\Unbenannt 2.odt
2014-05-04 13:26 - 2014-05-04 13:26 - 00020699 _____ () C:\Users\Supervisor\Documents\Politik Projekt.odt
2014-05-04 12:47 - 2014-05-04 12:47 - 00001816 _____ () C:\Users\Yannik\Desktop\League of Legends.lnk
2014-05-02 04:00 - 2014-05-02 04:00 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Macromedia
2014-05-02 00:04 - 2014-05-02 00:04 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Mozilla
2014-05-02 00:04 - 2014-05-02 00:04 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Mozilla
2014-04-29 15:32 - 2014-04-29 15:28 - 00000000 ____D () C:\AdwCleaner
2014-04-29 15:17 - 2013-02-27 21:46 - 00000000 ____D () C:\Program Files (x86)\PC Beschleunigen
2014-04-26 17:51 - 2014-04-26 17:51 - 00000000 ____D () C:\Users\Yannik\AppData\Roaming\LolClient
2014-04-26 08:48 - 2014-04-15 17:23 - 00001974 _____ () C:\Users\Public\Desktop\avast!
Free Antivirus.lnk 2014-04-26 08:47 - 2014-04-26 08:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-26 08:47 - 2014-04-26 08:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-26 08:47 - 2014-04-15 17:23 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-26 08:47 - 2014-04-15 17:22 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400246088107 2014-04-26 08:47 - 2014-04-15 17:22 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400246088107 2014-04-26 08:47 - 2014-04-15 17:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-26 08:47 - 2014-04-15 17:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-26 08:47 - 2014-04-15 17:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-26 08:47 - 2014-04-15 17:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-25 20:16 - 2014-04-25 20:16 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\LolClient 2014-04-25 18:01 - 2014-05-04 12:53 - 00001613 _____ () C:\Users\Yannik\Desktop\Play League of Legends.lnk 2014-04-25 18:01 - 2014-04-25 18:01 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk 2014-04-25 18:01 - 2014-04-25 18:01 - 00000000 ____D () C:\Riot Games 2014-04-25 18:01 - 2014-04-25 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2014-04-25 17:35 - 2014-04-25 17:35 - 00000000 ____D () C:\Users\Yannik\AppData\Roaming\Riot Games 2014-04-25 17:25 - 2014-04-25 17:25 - 00000000 ____D () C:\Program Files (x86)\Pando Networks 2014-04-25 17:25 - 2014-04-25 17:24 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Riot Games 2014-04-25 17:12 - 2014-04-25 17:12 - 00002517 _____ () C:\Users\Yannik\Desktop\Skype.lnk 2014-04-25 17:12 - 2014-04-25 17:12 - 00002517 _____ () C:\Users\Yannik\Desktop\Skype (2).lnk Some content of TEMP: 
====================
C:\Users\Freunde\AppData\Local\Temp\air5F18.exe
C:\Users\Freunde\AppData\Local\Temp\CmdLineExt01.dll
C:\Users\Freunde\AppData\Local\Temp\setup.exe
C:\Users\Freunde\AppData\Local\Temp\SIntf16.dll
C:\Users\Freunde\AppData\Local\Temp\SIntf32.dll
C:\Users\Freunde\AppData\Local\Temp\SIntfNT.dll
C:\Users\Freunde\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Supervisor\AppData\Local\Temp\Quarantine.exe
C:\Users\Supervisor\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Supervisor\AppData\Local\Temp\uninst1.exe
C:\Users\Yannik\AppData\Local\Temp\6k7drhsi.dll
C:\Users\Yannik\AppData\Local\Temp\air3959.exe
C:\Users\Yannik\AppData\Local\Temp\airB35C.exe
C:\Users\Yannik\AppData\Local\Temp\airC737.exe
C:\Users\Yannik\AppData\Local\Temp\airE72.exe
C:\Users\Yannik\AppData\Local\Temp\airF757.exe
C:\Users\Yannik\AppData\Local\Temp\airFA1A.exe
C:\Users\Yannik\AppData\Local\Temp\ap10013.exe
C:\Users\Yannik\AppData\Local\Temp\CmdLineExt01.dll
C:\Users\Yannik\AppData\Local\Temp\comver.dll
C:\Users\Yannik\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\Yannik\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Yannik\AppData\Local\Temp\EBU142E.exe
C:\Users\Yannik\AppData\Local\Temp\EBU1CF4.DLL
C:\Users\Yannik\AppData\Local\Temp\F758_minecraftsetup.exe
C:\Users\Yannik\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Yannik\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Yannik\AppData\Local\Temp\fp_pl_pfs_installer-3.exe
C:\Users\Yannik\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Yannik\AppData\Local\Temp\install_flashplayer11x32_mssa_aih(1).exe
C:\Users\Yannik\AppData\Local\Temp\install_flashplayer11x32_mssa_aih(3).exe
C:\Users\Yannik\AppData\Local\Temp\krmtjum3.dll
C:\Users\Yannik\AppData\Local\Temp\lyf1ipqv.dll
C:\Users\Yannik\AppData\Local\Temp\msvcp60.dll
C:\Users\Yannik\AppData\Local\Temp\npp.6.3.2.Installer.exe
C:\Users\Yannik\AppData\Local\Temp\nsv8g1ms.dll
C:\Users\Yannik\AppData\Local\Temp\setup.exe
C:\Users\Yannik\AppData\Local\Temp\SIntf16.dll
C:\Users\Yannik\AppData\Local\Temp\SIntf32.dll
C:\Users\Yannik\AppData\Local\Temp\SIntfNT.dll
C:\Users\Yannik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Yannik\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Yannik\AppData\Local\Temp\smd_runtime.exe
C:\Users\Yannik\AppData\Local\Temp\twapi-2.0a2.dll
C:\Users\Yannik\AppData\Local\Temp\wajam_install.exe
C:\Users\Yannik\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Yannik\AppData\Local\Temp\_inst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-15 07:57

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Supervisor at 2014-05-24 10:16:25
Running from C:\Users\Supervisor\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Ab ins Häuschen (HKLM-x32\...\{7A92A322-1A10-4153-B551-D547AA9B4649}) (Version: 1.4 - media Verlagsgesellschaft mbH)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )
Alarm für Cobra 11 - Das Syndikat (HKLM-x32\...\Alarm für Cobra 11 - Das Syndikat_is1) (Version: - dtp)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{47B188E2-2447-5C40-15B6-9D49DC90BF5B}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Catalyst Control Center InstallProxy (x32 Version: 2011.0308.2325.42017 - ATI Technologies, Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Jagd nach dem blauen Kristall (HKLM-x32\...\Die Jagd nach dem blauen Kristall) (Version: - )
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.3 - IObit)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Glary Utilities 4.10 (HKLM-x32\...\Glary Utilities 4) (Version: 4.10.0.100 - Glarysoft Ltd)
GlobeTrotter Connect (HKLM\...\{727E94E5-584F-4463-B4F5-93D3779C610B}_x) (Version: 3.1.0.1162 - Option NV)
GlobeTrotter Connect (Version: 3.1.0.1162 - Option NV) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Grand Ages Rome 1.01 (HKLM-x32\...\Civitas3) (Version: 1.01 - Kalypso Media)
HyperCam 3 (HKLM-x32\...\HyperCam 3 3.5.1211.29) (Version: 3.5.1211.29 - Solveig Multimedia)
Iminent (x32 Version: 6.35.31.0 - Iminent) Hidden <==== ATTENTION
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )
Jagen 2011 (HKLM-x32\...\{45A583AC-22D5-44F1-B093-FF0429D764E9}) (Version: 1.00.0000 - Valusoft)
James Cameron's AVATAR(tm): DAS SPIEL (HKLM-x32\...\{7E19B002-4CA3-4C9F-BA92-91D101B97219}) (Version: 1.02.00 - Ubisoft)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kommissar Kugelblitz 1 (HKLM-x32\...\Kommissar Kugelblitz 1) (Version: - )
Kommissar Kugelblitz 2 (HKLM-x32\...\{7CC93985-10CD-11D5-982A-0050DA602C65}) (Version: 1.00.0000 - Terzio Verlag)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LEGO Star Wars II (HKLM-x32\...\InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
Loewenzahn 6 (HKLM-x32\...\{7CFC17CE-0A66-46B0-BA57-BF8AB674BF5C}) (Version: 1.00.0000 - Terzio Verlag)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Magic Encyclopedia (HKLM-x32\...\Magic Encyclopedia) (Version: - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - )
Microsoft Age of Empires Expansion (HKLM-x32\...\Age of Empires Expansion 1.0) (Version: - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Combat Flight Simulator 2 (HKLM-x32\...\Combat Flight Simulator 2.0) (Version: - )
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
NVIDIA 3D Vision Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.80.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7533 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 275.33 (Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.3.5 - NVIDIA Corporation) Hidden
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.2.6 - Speedchecker Limited)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickShare (HKLM-x32\...\{F7D739D1-B597-4802-A4CB-E1FBF326C9B0}) (Version: 1.6.1.796 - Linkury Inc.) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
Schachtrainer (HKLM-x32\...\Schachtrainer_is1) (Version: - Tivola Development GmbH)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smash 'n Spike XXL (HKLM-x32\...\Smash 'n Spike XXL) (Version: - phenomedia publishing gmbh)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.0 - Activision)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios)
Stronghold 2 (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.1000 - Firefly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
Superbike Racing 2 - from Midas (HKLM-x32\...\Superbike Racing 2 - from Midas) (Version: - )
Tigerteam 1 (HKLM-x32\...\Tigerteam 1) (Version: - )
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Worms 3D (HKLM-x32\...\{E7C25968-B418-4529-A389-E5DFCE792917}) (Version: 0.00.001 - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )

==================== Restore Points =========================

26-04-2014 06:43:13 avast! antivirus system restore point
26-04-2014 17:03:03 Windows Update
29-04-2014 07:11:26 Windows Update
29-04-2014 13:25:12 Removed Delta Chrome Toolbar
29-04-2014 16:25:12 Windows Update
02-05-2014 20:01:11 Windows Update
06-05-2014 05:47:29 Windows Update
09-05-2014 18:07:43 Windows Update
13-05-2014 06:04:29 Windows Update
15-05-2014 06:03:48 Windows Update
21-05-2014 06:12:43 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01720778-AFA0-435F-8BC0-EDDB28ECC9BD} - System32\Tasks\{E9385A7F-66EE-4ACA-965E-FE45046B11EB} => C:\Program Files (x86)\Divinity II - Ego Draconis\bin\Divinity2.exe
Task: {123B793B-A574-48FE-9B9D-F3610914B3D9} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd)
Task: {22718ABF-549E-4E81-8F5D-034FE50ADD3E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-26] (AVAST Software)
Task: {47F44170-62E1-4305-B070-6D522D237095} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {5FFA8E79-C524-47A3-B634-49138D9F43C6} - \Searchya No Task File <==== ATTENTION
Task: {75CC199C-71AF-4990-B460-8906422DAF33} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-03-07] (IObit)
Task: {8B5CEA5D-D39E-41CE-B637-28989FD84701} - System32\Tasks\{9D267F8E-A569-4BC5-99CC-6BA5C14BF63B} => C:\Program Files (x86)\Divinity II - Ego Draconis\bin\Divinity2.exe
Task: {979AA7B2-F0ED-4669-8D15-5E287D139D6A} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-04-14] (Glarysoft Ltd)
Task: {9D80E562-771E-4AF9-948E-7FD74397BBE9} - System32\Tasks\{7876148B-26C7-42C4-899E-67F5B3504B7B} => E:\setup.exe
Task: {AC9F8CE7-01C9-4530-AF7C-E5F046D74693} - \Driver Booster Update No Task File <==== ATTENTION
Task: {AF654C68-B097-408C-B44B-2B6AB3AE16B5} - \BitGuard No Task File <==== ATTENTION
Task: {B0728EBE-9539-4AE4-B164-F8CE0FFD334E} - System32\Tasks\Driver Booster SkipUAC (Supervisor) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-03-24] (IObit)
Task: {B0CE1B6A-EF57-498C-88D5-245CD0BAD844} - System32\Tasks\{E9DDEC51-80E7-4A4F-B3E3-0027518E282E} => E:\setup.exe
Task: {B1555805-80A3-4E99-8606-C5CC7EF0AC21} - System32\Tasks\{A97D611E-5E13-4E57-AF9F-97F13BE1B0C9} => E:\setup.exe
Task: {BC7E5CA3-3465-4F7B-AC0E-CC618100A6BD} - \EPUpdater No Task File <==== ATTENTION
Task: {D20B8212-09B0-484C-8021-07C5AB564999} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {F2137640-A41E-4A4E-A6B1-96E4CFFB7D6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {FFC9DE9B-F9C8-4445-BF7A-95E8CB42D01C} - \PC SpeedUp Service Deactivator No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-05-23 21:06 - 2014-05-23 21:06 - 02255872 _____ () C:\Program Files\AVAST Software\Avast\defs\14052300\algo.dll
2014-04-15 17:21 - 2014-04-15 17:21 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-05-04 16:36 - 2010-05-04 16:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2014 10:11:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2014 10:10:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hamachi-2.exe, Version: 2.2.0.193, Zeitstempel: 0x53720f92
Name des fehlerhaften Moduls: hamachi-2.exe, Version: 2.2.0.193, Zeitstempel: 0x53720f92
Ausnahmecode: 0x40000015
Fehleroffset: 0x00000000000ffbc9
ID des fehlerhaften Prozesses: 0x8d4
Startzeit der fehlerhaften Anwendung: 0xhamachi-2.exe0
Pfad der fehlerhaften Anwendung: hamachi-2.exe1
Pfad des fehlerhaften Moduls: hamachi-2.exe2
Berichtskennung: hamachi-2.exe3

Error: (05/23/2014 11:03:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x11a4
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (05/23/2014 11:02:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0xd80
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (05/23/2014 11:01:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x1438
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (05/23/2014 11:01:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x175c
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (05/23/2014 11:01:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x16bc
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (05/23/2014 11:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x1360
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (05/23/2014 11:01:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0xd8c
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (05/23/2014 11:00:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x17f0
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

System errors:
=============
Error: (05/24/2014 10:11:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/24/2014 10:10:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ForceWare IP service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/23/2014 09:02:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/23/2014 09:02:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. Error: (05/23/2014 06:56:27 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (05/23/2014 06:56:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (05/22/2014 06:41:43 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (05/22/2014 06:41:40 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (05/22/2014 06:41:40 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Error: (05/22/2014 06:06:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ForceWare Intelligent Application Manager (IAM)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (05/24/2014 10:11:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/24/2014 10:10:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: hamachi-2.exe2.2.0.19353720f92hamachi-2.exe2.2.0.19353720f924000001500000000000ffbc98d401cf77278eea6946C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exeC:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exee51e6234-e31a-11e3-875d-bcaec5be097a Error: (05/23/2014 11:03:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855411a401cf76ca7c1d29a2C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeb9eaba27-e2bd-11e3-8828-bcaec5be097a Error: (05/23/2014 11:02:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b8554d8001cf76ca4bbb3346C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe89862bb1-e2bd-11e3-8828-bcaec5be097a Error: (05/23/2014 11:01:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b8554143801cf76ca2fb63e5eC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe6d7f8913-e2bd-11e3-8828-bcaec5be097a Error: (05/23/2014 11:01:27 PM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b8554175c01cf76ca264e92fdC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe67b29e25-e2bd-11e3-8828-bcaec5be097a Error: (05/23/2014 11:01:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855416bc01cf76ca233aded5C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe62dff561-e2bd-11e3-8828-bcaec5be097a Error: (05/23/2014 11:01:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b8554136001cf76ca22e1c107C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe60b8c78f-e2bd-11e3-8828-bcaec5be097a Error: (05/23/2014 11:01:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b8554d8c01cf76ca209fb7d0C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe5e76be58-e2bd-11e3-8828-bcaec5be097a Error: (05/23/2014 11:00:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855417f001cf76ca1296ad94C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe5060948b-e2bd-11e3-8828-bcaec5be097a ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 7935.05 MB Available physical RAM: 6028.2 MB Total Pagefile: 15868.28 MB 
Available Pagefile: 14014.91 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:793.39 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D6B86815) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Only the defogger, FRST and Addition log files fit. I split avastscan by date, and GMER was also too large, so unfortunately those are only attached. I hope I have done everything correctly so far. As I wrote, the computer runs, but very slowly, although the CPU and memory usage say otherwise. Many thanks in advance for any kind of help. |
24.05.2014, 12:39 | #2 |
/// the machine /// TB-Ausbilder | WIN7: AVAST reports Win32:Bprotect-D /-F /-H and others, computer is running hi,
Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Scan with Combofix
__________________ |
24.05.2014, 15:23 | #3 |
| WIN7: AVAST reports Win32:Bprotect-D /-F /-H and others, computer is running So, in the Addition log from FRST the applications Iminent and Quickshare were flagged with the marker "Attention". Quickshare could be uninstalled with Revo without problems and without leftovers. Iminent was not visible in Revo.
So, as recommended, I ran ComboFix. However, idiot that I am, I forgot to disable Windows Defender. ComboFix ran through without problems, and the restart also went without an error message. Here is the ComboFix log: Code:
ATTFilter ComboFix 14-05-19.01 - Supervisor 24.05.2014 14:26:41.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7935.6154 [GMT 2:00] ausgeführt von:: c:\users\Supervisor\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\IsUn0407.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACEDRV11 -------\Service_acedrv11 . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-24 bis 2014-05-24 )))))))))))))))))))))))))))))) . . 2014-05-24 13:37 . 2014-05-24 13:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-05-24 13:37 . 2014-05-24 13:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-24 13:37 . 2014-05-24 13:37 -------- d-----w- c:\users\Yannik\AppData\Local\temp 2014-05-24 13:37 . 2014-05-24 13:37 -------- d-----w- c:\users\Freunde\AppData\Local\temp 2014-05-24 12:04 . 2014-05-24 12:04 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-05-24 08:15 . 2014-05-24 08:16 -------- d-----w- C:\FRST 2014-05-23 16:45 . 2014-05-23 16:45 -------- d-----r- c:\users\Supervisor\AppData\Roaming\Brother 2014-05-23 06:49 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7110E2CD-843F-41FA-94E8-394E92FA55CD}\mpengine.dll 2014-05-22 16:19 . 2014-05-22 16:19 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt52.dll 2014-05-22 16:19 . 2014-05-22 16:19 1266800 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin52.dll 2014-05-22 16:19 . 2014-05-22 16:19 965232 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc52.dll 2014-05-19 23:30 . 
2014-05-19 23:30 -------- d-----w- c:\users\Freunde\AppData\Local\Google 2014-05-19 21:20 . 2014-05-19 21:20 -------- d-----w- c:\users\Freunde\AppData\Roaming\LolClient 2014-05-19 21:18 . 2014-05-19 21:18 -------- d-----w- c:\users\Freunde\AppData\Roaming\AVAST Software 2014-05-19 21:18 . 2014-05-19 21:18 -------- d-----w- c:\users\Freunde\AppData\Local\LogMeIn 2014-05-15 06:12 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll 2014-05-15 06:12 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-15 06:12 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-15 06:12 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-15 05:30 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll 2014-05-15 05:30 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll 2014-05-15 05:30 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-15 05:29 . 2014-04-12 02:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-05-15 05:29 . 2014-03-04 09:44 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-05-15 05:29 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2014-05-15 05:29 . 2014-03-04 09:17 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-05-14 17:31 . 2014-05-14 17:31 -------- d-----w- c:\users\Yannik\AppData\Local\LogMeIn 2014-05-14 16:48 . 2014-05-14 16:48 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2014-05-07 15:18 . 2014-05-07 15:22 -------- d-----w- c:\program files (x86)\Google 2014-05-07 15:18 . 2014-05-07 15:22 -------- d-----w- c:\users\Supervisor\AppData\Local\Google 2014-05-06 05:48 . 2014-05-15 06:16 -------- d-s---w- c:\windows\system32\CompatTel 2014-05-02 02:00 . 2014-05-02 02:00 -------- d-----w- c:\users\Supervisor\AppData\Local\Macromedia 2014-05-01 22:04 . 2014-05-01 22:04 -------- d-----w- c:\users\Supervisor\AppData\Local\Mozilla 2014-04-29 13:28 . 
2014-04-29 13:32 -------- d-----w- C:\AdwCleaner 2014-04-26 15:51 . 2014-04-26 15:51 -------- d-----w- c:\users\Yannik\AppData\Roaming\LolClient 2014-04-26 06:47 . 2014-04-26 06:47 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-04-26 06:47 . 2014-04-26 06:47 43152 ----a-w- c:\windows\avastSS.scr 2014-04-25 18:16 . 2014-04-25 18:16 -------- d-----w- c:\users\Supervisor\AppData\Roaming\LolClient 2014-04-25 16:01 . 2014-04-25 16:01 -------- d-----w- C:\Riot Games 2014-04-25 15:54 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2014-04-25 15:54 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2014-04-25 15:54 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2014-04-25 15:35 . 2014-04-25 15:35 -------- d-----w- c:\users\Yannik\AppData\Roaming\Riot Games 2014-04-25 15:25 . 2014-05-12 02:06 -------- d-----w- c:\users\Supervisor\AppData\Local\PMB Files 2014-04-25 15:25 . 2014-05-08 16:27 -------- d-----w- c:\programdata\PMB Files 2014-04-25 15:25 . 2014-04-25 15:25 -------- d-----w- c:\program files (x86)\Pando Networks 2014-04-25 15:24 . 2014-04-25 15:25 -------- d-----w- c:\users\Supervisor\AppData\Roaming\Riot Games . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-16 13:14 . 2014-04-15 15:23 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-05-16 13:14 . 2014-04-15 15:22 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-05-16 13:14 . 2014-04-15 15:22 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-05-15 06:10 . 2013-02-06 17:40 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-15 06:10 . 2013-02-06 17:40 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-15 06:07 . 2012-08-23 12:36 93223848 ----a-w- c:\windows\system32\MRT.exe 2014-04-26 06:47 . 2014-04-15 15:23 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-04-26 06:47 . 
2014-04-15 15:22 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-04-26 06:47 . 2014-04-15 15:22 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-04-26 06:47 . 2014-04-15 15:22 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-04-26 06:47 . 2014-04-15 15:22 334648 ----a-w- c:\windows\system32\aswBoot.exe 2014-04-17 11:20 . 2014-04-17 11:20 2157704 ----a-w- c:\windows\system32\YamahaAE.dll 2014-04-17 11:20 . 2014-04-17 11:20 871856 ----a-w- c:\windows\system32\tossaeapo64.dll 2014-04-17 11:20 . 2014-04-17 11:20 836544 ----a-w- c:\windows\system32\tadefxapo264.dll 2014-04-17 11:20 . 2014-04-17 11:20 724728 ----a-w- c:\windows\system32\sltech64.dll 2014-04-17 11:20 . 2014-04-17 11:20 65944 ----a-w- c:\windows\system32\tepeqapo64.dll 2014-04-17 11:20 . 2014-04-17 11:20 582056 ----a-w- c:\windows\system32\tosasfapo64.dll 2014-04-17 11:20 . 2014-04-17 11:20 518896 ----a-w- c:\windows\system32\SRSTSX64.dll 2014-04-17 11:20 . 2014-04-17 11:20 245496 ----a-w- c:\windows\system32\slprp64.dll 2014-04-17 11:20 . 2014-04-17 11:20 211184 ----a-w- c:\windows\system32\SRSTSH64.dll 2014-04-17 11:20 . 2014-04-17 11:20 2101848 ----a-w- c:\windows\system32\WavesGUILib64.dll 2014-04-17 11:20 . 2014-04-17 11:20 198896 ----a-w- c:\windows\system32\SRSHP64.dll 2014-04-17 11:20 . 2014-04-17 11:20 162224 ----a-w- c:\windows\system32\toseaeapo64.dll 2014-04-17 11:20 . 2014-04-17 11:20 155888 ----a-w- c:\windows\system32\SRSWOW64.dll 2014-04-17 11:20 . 2014-04-17 11:20 148416 ----a-w- c:\windows\system32\tadefxapo.dll 2014-04-17 11:20 . 2014-04-17 11:20 1361336 ----a-w- c:\windows\system32\tosade.dll 2014-04-17 11:20 . 2014-04-17 11:20 947760 ----a-w- c:\windows\system32\SFSS_APO.dll 2014-04-17 11:20 . 2014-04-17 11:20 899320 ----a-w- c:\windows\system32\sl3apo64.dll 2014-04-17 11:20 . 2014-04-17 11:20 1045752 ----a-w- c:\windows\system32\slcnt64.dll 2014-04-17 11:20 . 2014-04-17 11:20 221024 ----a-w- c:\windows\system32\SFNHK64.dll 2014-04-17 11:20 . 
2014-04-17 11:20 81248 ----a-w- c:\windows\system32\SFCOM64.dll 2014-04-17 11:20 . 2014-04-17 11:20 78688 ----a-w- c:\windows\system32\SFAPO64.dll 2014-04-17 11:20 . 2014-04-17 11:20 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll 2014-04-17 11:20 . 2014-04-17 11:20 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll 2014-04-17 11:20 . 2014-04-17 11:20 2825432 ----a-w- c:\windows\system32\RtPgEx64.dll 2014-04-17 11:20 . 2014-04-17 11:20 1958616 ----a-w- c:\windows\system32\RTSnMg64.cpl 2014-04-17 11:20 . 2014-04-17 11:20 3872984 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2014-04-17 11:20 . 2014-04-17 11:20 78680 ----a-w- c:\windows\system32\RTEEG64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 624344 ----a-w- c:\windows\system32\RtDataProc64.dll 2014-04-17 11:20 . 2014-04-17 11:20 375128 ----a-w- c:\windows\system32\RTEEP64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 310104 ----a-w- c:\windows\system32\RP3DHT64.dll 2014-04-17 11:20 . 2014-04-17 11:20 2792152 ----a-w- c:\windows\system32\RtkAPO64.dll 2014-04-17 11:20 . 2014-04-17 11:20 204120 ----a-w- c:\windows\system32\RTEED64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 149608 ----a-w- c:\windows\system32\RtkCfg64.dll 2014-04-17 11:20 . 2014-04-17 11:20 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll 2014-04-17 11:20 . 2014-04-17 11:20 1286872 ----a-w- c:\windows\system32\RTCOM64.dll 2014-04-17 11:20 . 2014-04-17 11:20 1024216 ----a-w- c:\windows\system32\RtkApi64.dll 2014-04-17 11:20 . 2014-04-17 11:20 101208 ----a-w- c:\windows\system32\RTEEL64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 310104 ----a-w- c:\windows\system32\RP3DAA64.dll 2014-04-17 11:20 . 2014-04-17 11:20 946392 ----a-w- c:\windows\system32\RCoInstII64.dll 2014-04-17 11:20 . 2014-04-17 11:20 56270848 ----a-w- c:\windows\system32\RCoRes64.dat 2014-04-17 11:20 . 2014-04-17 11:20 942384 ----a-w- c:\windows\system32\NAHIMICAPOSettingsIPC.dll 2014-04-17 11:20 . 2014-04-17 11:20 75024 ----a-w- c:\windows\system32\R4EEG64A.dll 2014-04-17 11:20 . 
2014-04-17 11:20 7164176 ----a-w- c:\windows\system32\R4EEP64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 434960 ----a-w- c:\windows\system32\R4EED64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 141584 ----a-w- c:\windows\system32\R4EEL64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 124176 ----a-w- c:\windows\system32\R4EEA64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 5752072 ----a-w- c:\windows\system32\NAHIMICAPOlfx.dll 2014-04-17 11:20 . 2014-04-17 11:20 906800 ----a-w- c:\windows\system32\MISS_APO.dll 2014-04-17 11:20 . 2014-04-17 11:20 938608 ----a-w- c:\windows\system32\MaxxVoiceAPO2064.dll 2014-04-17 11:20 . 2014-04-17 11:20 662784 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll 2014-04-17 11:20 . 2014-04-17 11:20 12793944 ----a-w- c:\windows\system32\MaxxVoiceAPO3064.dll 2014-04-17 11:20 . 2014-04-17 11:20 1313904 ----a-w- c:\windows\system32\MaxxSpeechAPO64.dll 2014-04-17 11:20 . 2014-04-17 11:20 3923032 ----a-w- c:\windows\system32\MaxxAudioVnN64.dll 2014-04-17 11:20 . 2014-04-17 11:20 28310104 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll 2014-04-17 11:20 . 2014-04-17 11:20 2037336 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll 2014-04-17 11:20 . 2014-04-17 11:20 1932888 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll 2014-04-17 11:20 . 2014-04-17 11:20 14737496 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll 2014-04-17 11:20 . 2014-04-17 11:20 1033304 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll 2014-04-17 11:20 . 2014-04-17 11:20 790272 ----a-w- c:\windows\SysWow64\MaxxAudioAPOShell.dll 2014-04-17 11:20 . 2014-04-17 11:20 663296 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll 2014-04-17 11:20 . 2014-04-17 11:20 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll 2014-04-17 11:20 . 2014-04-17 11:20 2319960 ----a-w- c:\windows\system32\MaxxAudioAPO6064.dll 2014-04-17 11:20 . 2014-04-17 11:20 1419376 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll 2014-04-17 11:20 . 
2014-04-17 11:20 1419376 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll 2014-04-17 11:20 . 2014-04-17 11:20 603984 ----a-w- c:\windows\system32\KAAPORT64.dll 2014-04-17 11:20 . 2014-04-17 11:20 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll 2014-04-17 11:20 . 2014-04-17 11:20 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll 2014-04-17 11:20 . 2014-04-17 11:20 501184 ----a-w- c:\windows\system32\DTSU2PLFX64.dll 2014-04-17 11:20 . 2014-04-17 11:20 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll 2014-04-17 11:20 . 2014-04-17 11:20 487360 ----a-w- c:\windows\system32\DTSU2PGFX64.dll 2014-04-17 11:20 . 2014-04-17 11:20 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll 2014-04-17 11:20 . 2014-04-17 11:20 415680 ----a-w- c:\windows\system32\DTSU2PREC64.dll 2014-04-17 11:20 . 2014-04-17 11:20 2770976 ----a-w- c:\windows\system32\FMAPO64.dll 2014-04-17 11:20 . 2014-04-17 11:20 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll 2014-04-17 11:20 . 2014-04-17 11:20 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll 2014-04-17 11:20 . 2014-04-17 11:20 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll 2014-04-17 11:20 . 2014-04-17 11:20 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll 2014-04-17 11:20 . 2014-04-17 11:20 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll 2014-04-17 11:20 . 2014-04-17 11:20 6217904 ----a-w- c:\windows\system32\DDPP64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 605496 ----a-w- c:\windows\system32\audioLibVc.dll 2014-04-17 11:20 . 2014-04-17 11:20 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll 2014-04-17 11:20 . 2014-04-17 11:20 313520 ----a-w- c:\windows\system32\DDPO64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 260272 ----a-w- c:\windows\system32\DDPA64.dll 2014-04-17 11:20 . 2014-04-17 11:20 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll 2014-04-17 11:20 . 2014-04-17 11:20 209096 ----a-w- c:\windows\system32\AERTAC64.dll 2014-04-17 11:20 . 
2014-04-17 11:20 1938608 ----a-w- c:\windows\system32\DDPD64A.dll 2014-04-17 11:20 . 2014-04-17 11:20 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll 2014-04-17 11:20 . 2014-04-17 11:20 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll 2014-04-17 11:20 . 2014-04-17 11:20 109848 ----a-w- c:\windows\system32\AcpiServiceVnA64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-04-17 08:54 223432 ----a-w- c:\users\Supervisor\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-04-17 08:54 223432 ----a-w- c:\users\Supervisor\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-04-17 08:54 223432 ----a-w- c:\users\Supervisor\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-26 3873704] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] . c:\users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\users\Yannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe /noshow [2009-10-14 2849280] . c:\users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" "Iminent"="c:\program files (x86)\Iminent\Iminent.exe /warmup F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP 
Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys;c:\windows\SYSNATIVE\DRIVERS\Gt51Ip.sys [x] R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys;c:\windows\SYSNATIVE\DRIVERS\gt72ubus.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL85n64;Realtek 8180/8185 Extensible 802.11-Drahtlosgerätetreiber;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-05-16 13:32 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2014-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-06 06:10] . 2014-05-24 c:\windows\Tasks\GlaryInitialize 4.job - c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01] . 2014-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07 15:18] . 2014-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07 15:18] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-04-17 08:54 262344 ----a-w- c:\users\Supervisor\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-04-17 08:54 262344 ----a-w- c:\users\Supervisor\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-04-17 08:54 262344 ----a-w- c:\users\Supervisor\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-04-26 06:47 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2014-03-31 892608] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-04-17 7541976] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm FF - ProfilePath - c:\users\Supervisor\AppData\Roaming\Mozilla\Firefox\Profiles\wbyrsny3.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-Kommissar Kugelblitz 1 - c:\windows\IsUn0407.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-05-24 15:52:38 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-05-24 13:52 . Vor Suchlauf: 18 Verzeichnis(se), 853.112.266.752 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 853.979.164.672 Bytes frei . - - End Of File - - 30136673E5EBCF77477C6632C1F898C8 A36C5E4F47E84449FF07ED3517B43A31 |
25.05.2014, 07:09 | #4 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
27.05.2014, 08:05 | #5 |
| Okay, everything done. mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 27.05.2014 Suchlauf-Zeit: 07:58:01 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.05.27.04 Rootkit Datenbank: v2014.05.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Supervisor Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 366983 Verstrichene Zeit: 24 Min, 26 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 44 PUP.Optional.SearchYah.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{25927741-5E5B-4D27-8D8B-9188FE64373F}, In Quarantäne, [520ed58192e938fe2245d954d42ec63a], PUP.Optional.SearchYah.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{25927741-5E5B-4D27-8D8B-9188FE64373F}, In Quarantäne, [520ed58192e938fe2245d954d42ec63a], PUP.Optional.SearchYah.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{25927741-5E5B-4D27-8D8B-9188FE64373F}, In Quarantäne, [520ed58192e938fe2245d954d42ec63a], PUP.Optional.SearchYah.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{25927741-5E5B-4D27-8D8B-9188FE64373F}, In Quarantäne, [520ed58192e938fe2245d954d42ec63a], PUP.Optional.SearchYah.A, 
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{33AA308B-B565-4376-AC66-59EE9B6AD13E}, In Quarantäne, [e27ee670e89382b40761ef3efb07718f], PUP.Optional.SearchYah.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{33AA308B-B565-4376-AC66-59EE9B6AD13E}, In Quarantäne, [e27ee670e89382b40761ef3efb07718f], PUP.Optional.SearchYah.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{33AA308B-B565-4376-AC66-59EE9B6AD13E}, In Quarantäne, [e27ee670e89382b40761ef3efb07718f], PUP.Optional.SearchYah.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{33AA308B-B565-4376-AC66-59EE9B6AD13E}, In Quarantäne, [e27ee670e89382b40761ef3efb07718f], PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [0d535501e992dd59a37da9ba79891be5], PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [0d535501e992dd59a37da9ba79891be5], PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [0d535501e992dd59a37da9ba79891be5], PUP.Optional.Delta.A, 
HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [0d535501e992dd59a37da9ba79891be5], PUP.Optional.Iminent.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [cd93d97d2d4e85b10e7fdd8635cdf010], PUP.Optional.Iminent.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [cd93d97d2d4e85b10e7fdd8635cdf010], PUP.Optional.Iminent.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [cd93d97d2d4e85b10e7fdd8635cdf010], PUP.Optional.Wajam.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [c69afb5b0e6d0234f78f6bc658aa52ae], PUP.Optional.Wajam.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [c69afb5b0e6d0234f78f6bc658aa52ae], PUP.Optional.Wajam.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [c69afb5b0e6d0234f78f6bc658aa52ae], PUP.Optional.Wajam.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, 
In Quarantäne, [c69afb5b0e6d0234f78f6bc658aa52ae], PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [0a5642144b30fe38ea3541228082c23e], PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [0a5642144b30fe38ea3541228082c23e], PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [0a5642144b30fe38ea3541228082c23e], PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [0a5642144b30fe38ea3541228082c23e], PUP.Optional.PricePeep.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, In Quarantäne, [8dd399bda4d73303f37c164dd62cd12f], PUP.Optional.PricePeep.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, In Quarantäne, [8dd399bda4d73303f37c164dd62cd12f], PUP.Optional.PricePeep.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, In Quarantäne, [8dd399bda4d73303f37c164dd62cd12f], PUP.Optional.PricePeep.A, 
HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, In Quarantäne, [8dd399bda4d73303f37c164dd62cd12f], PUP.Optional.DataMngr.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [5f011145d1aa181e4ca9d3e9d72c45bb], PUP.Optional.DataMngr.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [b1affb5bdaa11c1a866ee1dbd52e1ce4], PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\delta LTD, In Quarantäne, [4020c78f3e3d7cbaac01526cc34003fd], PUP.Optional.Iminent.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [92ce381e3249f64009fb6c3cc9391be5], PUP.Optional.SmartBar, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, In Quarantäne, [69f7f0665c1ffa3c8404dafb7093c33d], PUP.Optional.SmartBar, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, In Quarantäne, [8bd566f0aecd999de1a6f3e2e41ffd03], PUP.Optional.PricePeep.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PricePeep, In Quarantäne, [9cc4f3631a610f27b056bceec14139c7], PUP.Optional.Babylon.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [9ac6f95dee8d261095662598b84b649c], PUP.Optional.Conduit.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, In Quarantäne, [7be513433f3c58de1f7e675b0ef5926e], PUP.Optional.ValueApps.A, 
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, In Quarantäne, [e878b6a0fa81a195fe83b6f110f23cc4], PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DELTA\DELTA, In Quarantäne, [ca961a3c1d5efb3baee45b60f80b629e], PUP.Optional.FunMoods.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, In Quarantäne, [5d0357ff72093bfb6b73b3e9847f9070], PUP.Optional.BProtector.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [64fc55019cdfc86e2528c7f91de69c64], PUP.Optional.Softonic.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [c79915417902f14523836d2832d07d83], PUP.Optional.Wajam.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, In Quarantäne, [f16f2e28f685f244beb5e5db7c8750b0], PUP.Optional.Iminent.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [372912440774e056699b436510f245bb], PUP.Optional.PricePeep.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PricePeep, In Quarantäne, [2a3657ff98e3fa3c25e16e3c43bf768a], Registrierungswerte: 6 PUP.Optional.Delta.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DELTA\DELTA|tlbrSrchUrl, In Quarantäne, [ca961a3c1d5efb3baee45b60f80b629e], PUP.BProtector, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start 
Page, hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=6CAEBCAEC5BE097A&affID=119982&tt=280813_ts&tsp=4989, In Quarantäne, [2e325ef81863a1957086dce0798aab55] PUP.BProtector, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [f66a68ee84f7f73fd02797257f847888] PUP.Optional.SmartBar.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Infrastructure Helper, C:\Users\Yannik\AppData\Local\Smartbar\Application\QuickShare.exe startup, In Quarantäne, [db85e274aad143f32f9ae0db0df6f50b] PUP.Optional.Wajam.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}, C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, In Quarantäne, [c29ee47298e3dc5ac3c1206c2cd61be5] PUP.Optional.Wajam.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 1401, In Quarantäne, [f16f2e28f685f244beb5e5db7c8750b0] Registrierungsdaten: 7 PUP.Optional.StartPage, HKU\S-1-5-21-2260964575-2753946872-1401531445-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=6CAEBCAEC5BE097A&affID=119982&tt=280813_ts&tsp=4989, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=6CAEBCAEC5BE097A&affID=119982&tt=280813_ts&tsp=4989),Ersetzt,[c59bf75f0b70310520d2c691679dae52] PUP.Optional.Snapdo, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, 
hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[6df395c1126921155e799bbcaf55f808] PUP.Optional.Snapdo, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=hp&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=hp&installDate={installDate}),Ersetzt,[68f80b4badce93a33f9922354fb542be] PUP.Optional.Snapdo, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[3d23ba9c7b007cba21b5b99ec73d966a] PUP.Optional.Snapdo, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), 
Schlecht: (hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[8ed24c0ac6b53ef84c8d90c70ff5da26] PUP.Optional.Snapdo, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[a0c081d5c4b7d36321b966f1a16331cf] PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=DE&userid=c285197d-944e-b4db-8025-22d11fa478a3&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[27394d09aecdcd690e64f45aa95b02fe] Ordner: 47 PUP.Optional.Iminent.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent, In Quarantäne, [09570a4cea91f93d4f6db10bb0537789], PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator, In Quarantäne, [0c5466f03f3cc96d6b7d87ef39c937c9], PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas, In Quarantäne, [0c5466f03f3cc96d6b7d87ef39c937c9], PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas\Cache, In Quarantäne, [0c5466f03f3cc96d6b7d87ef39c937c9], PUP.Optional.Iminent.A, 
C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com, In Quarantäne, [0c5466f03f3cc96d6b7d87ef39c937c9], PUP.Optional.ValueApps.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\valueApps, In Quarantäne, [8bd54511bcbfab8b4fc8d6a73bc71ee2], PUP.Optional.ValueApps.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\valueApps\CT3018509, In Quarantäne, [8bd54511bcbfab8b4fc8d6a73bc71ee2], PUP.Optional.ValueApps.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\valueApps\CT3241949, In Quarantäne, [8bd54511bcbfab8b4fc8d6a73bc71ee2], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\content, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\content\browser, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\content\browser\misc, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\content\data, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\content\external, In Quarantäne, 
[b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\content\newtab, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\skin, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\skin\external, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\skin\gallery, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\skin\icons, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\skin\newtab, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\skin\newtab\css, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\skin\newtab\images, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.15_0\skin\newtab\images\patterns, In Quarantäne, [b6aa0d497efd4cea92ed0e79ef13629e], PUP.Optional.FunMoods.A, C:\Users\Yannik\AppData\Local\Google\Chrome\User 
(), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[c19f6fe758230531ca75e1a424e00000] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[e0804511d7a4340257e8265f3ec6a55b] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[2c34cd89c3b8e056e758f78ea460916f] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.bbDpng", "27");), Ersetzt,[0a567bdbdc9fa39399a6bbcad92b857b] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.cntry", "DE");), Ersetzt,[114f60f6bac10432eb54642131d3fc04] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "en");), Ersetzt,[2c3483d35c1f61d598a787febd4708f8] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[4a16e0764635181e043bf78e09fb768a] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.hdrMd5", "ADBF2C9A881C9031FBB305D865301F26");), Ersetzt,[97c9ef670e6d94a2ef50bfc6897b936d] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "6cae971d00000000000000f1d000f1d0");), Ersetzt,[2f31114589f2c57188b7bfc648bcf60a] PUP.Optional.Delta.A, 
C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15742");), Ersetzt,[5d03d97d2655d6603f008bfa25df5fa1] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[88d85df9f8837abc98a78ef710f4b848] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.lastVrsnTs", "1.8.10.018:32:01");), Ersetzt,[263a82d49ddea88eb7880f76f50f4cb4] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[025e6fe79fdcd5611f20c3c245bf6d93] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[adb3005681fabb7b40ffb0d5c73d29d7] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[a2be55019be04de9aa95d4b13dc741bf] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[530de3735e1d1b1bdb646223b84c07f9] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.sg", "azb");), Ersetzt,[362aed69572449eddc638104838146ba] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "azb");), Ersetzt,[5a06104695e6b0867bc44342e222bc44] PUP.Optional.Delta.A, 
C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[b5ab084e95e663d396a9790c64a07e82] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[e779ff5797e47eb8c27dc0c5a85c659b] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.10.0");), Ersetzt,[045c0a4cabd0043274cb661f5da740c0] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.10.018:32:01");), Ersetzt,[77e958fed9a27db972cdb3d2798ba858] PUP.Optional.Delta.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.10.0");), Ersetzt,[9ac6d97d8cef32040e3189fc57ad8d73] PUP.Optional.Conduit.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3018509&octid=CT3018509&CUI=UN65576590908673821&UM=1&SearchSource=13");), Ersetzt,[540c66f0cbb0a096f35a98edba4aaf51] PUP.Optional.Conduit.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&octid=CT3018509&CUI=UN65576590908673821&UM=1&SearchSource=2&q=");), Ersetzt,[4e1233232754fc3a77116a1b897b41bf] PUP.Optional.Conduit.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3018509.SearchFromAddressBarUrl", 
"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&octid=CT3018509&CUI=UN65576590908673821&UM=1&SearchSource=2&q=");), Ersetzt,[2e32f4622c4fd2648618b6cfaf5522de] PUP.Optional.Conduit.A, C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3018509.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3018509&octid=CT3018509&ISID=ISID_ID&SearchSource=15&CUI=UN65576590908673821&Lay=1&UM=1\"}");), Ersetzt,[154b084ec1bac96d4667265fca3a3dc3] Physische Sektoren: 0 (No malicious items detected) (end) adwcleaner: Code:
# AdwCleaner v3.211 - Bericht erstellt am 27/05/2014 um 08:37:16
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Supervisor - YANNIK-NB
# Gestartet von : C:\Users\Supervisor\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\Smartbar
Ordner Gelöscht : C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\CT3018509
Ordner Gelöscht : C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\CT3241949
Ordner Gelöscht : C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\Extensions\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}
Ordner Gelöscht : C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\Extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
Datei Gelöscht : C:\Users\Supervisor\Desktop\Sync Folder.lnk

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ Datei : C:\Users\Supervisor\AppData\Roaming\Mozilla\Firefox\Profiles\wbyrsny3.default\prefs.js ]

[ Datei : C:\Users\Yannik\AppData\Roaming\Mozilla\Firefox\Profiles\tavoq8ph.default\prefs.js ]

Zeile gelöscht : user_pref("CT3018509.1000082.isPlayDisplay", "true");
Zeile gelöscht : user_pref("CT3018509.1000082.state", "{\"state\":\"stopped\",\"text\":\"Radio 8\",\"description\":\"Radio 8\",\"url\":\"hxxp://stream.radio8.de:8000/live.m3u\"}");
Zeile gelöscht : user_pref("CT3018509.1000234.TWC_TMP_city", "ESSEN");
Zeile gelöscht :
user_pref("CT3018509.1000234.TWC_TMP_country", "DE"); Zeile gelöscht : user_pref("CT3018509.1000234.TWC_country", "GERMANY"); Zeile gelöscht : user_pref("CT3018509.1000234.TWC_locId", "GMNI1386"); Zeile gelöscht : user_pref("CT3018509.1000234.TWC_location", "Essen, HN, Germany"); Zeile gelöscht : user_pref("CT3018509.1000234.TWC_region", "DE"); Zeile gelöscht : user_pref("CT3018509.1000234.TWC_temp_dis", "c"); Zeile gelöscht : user_pref("CT3018509.1000234.TWC_wind_dis", "kmh"); Zeile gelöscht : user_pref("CT3018509.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3018509.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3018509.FirstTime", "true"); Zeile gelöscht : user_pref("CT3018509.FirstTimeFF3", "true"); Zeile gelöscht : user_pref("CT3018509.RestartDialogFirstTime", "false"); Zeile gelöscht : user_pref("CT3018509.RestartDialogShouldDisplay", "false"); Zeile gelöscht : user_pref("CT3018509.UserID", "UN65576590908673821"); Zeile gelöscht : user_pref("CT3018509.addressBarTakeOverEnabledInHidden", "true"); Zeile gelöscht : user_pref("CT3018509.appOptions", "{\"1000034\":{\"render\":true},\"1000234\":{\"render\":true},\"1000515\":{\"render\":true}}"); Zeile gelöscht : user_pref("CT3018509.browser.search.defaultthis.engineName", true); Zeile gelöscht : user_pref("CT3018509.countryCode", "DE"); Zeile gelöscht : user_pref("CT3018509.embeddedsData", "[{\"appId\":\"129510405197729003\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...] 
Zeile gelöscht : user_pref("CT3018509.firstTimeDialogOpened", "true"); Zeile gelöscht : user_pref("CT3018509.fixPageNotFoundErrorByUser", "TRUE"); Zeile gelöscht : user_pref("CT3018509.fixPageNotFoundErrorInHidden", "true"); Zeile gelöscht : user_pref("CT3018509.fullUserID", "UN65576590908673821.UP.20130702195221"); Zeile gelöscht : user_pref("CT3018509.installType", "DirectDownload"); Zeile gelöscht : user_pref("CT3018509.isCheckedStartAsHidden", true); Zeile gelöscht : user_pref("CT3018509.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3018509.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Zeile gelöscht : user_pref("CT3018509.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3018509.keyword", true); Zeile gelöscht : user_pref("CT3018509.lastVersion", "10.30.1.502"); Zeile gelöscht : user_pref("CT3018509.mam_gk_installer_preapproved.enc", "RkFMU0U="); Zeile gelöscht : user_pref("CT3018509.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%2F%3Fgl%3DDE%26hl%3Dde\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAI[...] 
Zeile gelöscht : user_pref("CT3018509.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3018509.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Zeile gelöscht : user_pref("CT3018509.originalSearchAddressUrl", false); Zeile gelöscht : user_pref("CT3018509.originalSearchEngine", "FileConverter 1.3 Customized Web Search"); Zeile gelöscht : user_pref("CT3018509.originalSearchEngineName", "FileConverter 1.3 Customized Web Search"); Zeile gelöscht : user_pref("CT3018509.performedDomainChangesMigration", "true"); Zeile gelöscht : user_pref("CT3018509.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"EMAIL_NOTIFIER\\\",\\\"WEATHER\\\",\\\"BROWSER_COMPONENT\\\"]\"}"); Zeile gelöscht : user_pref("CT3018509.search.searchAppId", "129510405197729003"); Zeile gelöscht : user_pref("CT3018509.search.searchCount", "0"); Zeile gelöscht : user_pref("CT3018509.searchFromAddressBarEnabledByUser", "true"); Zeile gelöscht : user_pref("CT3018509.searchInNewTabEnabledByUser", "true"); Zeile gelöscht : user_pref("CT3018509.searchInNewTabEnabledInHidden", "true"); Zeile gelöscht : user_pref("CT3018509.searchSuggestEnabledByUser", "True"); Zeile gelöscht : user_pref("CT3018509.searchUserMode", "1"); Zeile gelöscht : user_pref("CT3018509.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3018509\"}"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://GameMaster21.OurToolbar.com//xpi\"}"); Zeile gelöscht : 
user_pref("CT3018509.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Game Master 2.1 \"}"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_Configuration_lastUpdate", "1400872224149"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1400872219348"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_appsMetadata_lastUpdate", "1400872220270"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1400872219312"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378836182538"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_login_10.20.0.513_lastUpdate", "1397817999403"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399221370106"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_login_10.30.1.502_lastUpdate", "1400872214638"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_menu_434a494ed505ad77ce4cfa879a61a43c_lastUpdate", "1400872213893"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_menu_a43e6069358144da1b2908ca82c52bd7_lastUpdate", "1400872213796"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1400872218932"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_searchAPI_lastUpdate", "1400872221351"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_serviceMap_lastUpdate", "1400872219144"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_setupAPI_lastUpdate", "1377950890697"); Zeile gelöscht : 
user_pref("CT3018509.serviceLayer_services_toolbarContextMenu_lastUpdate", "1400872219272"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_toolbarSettings_lastUpdate", "1400872220238"); Zeile gelöscht : user_pref("CT3018509.serviceLayer_services_translation_lastUpdate", "1400872219075"); Zeile gelöscht : user_pref("CT3018509.settingsINI", true); Zeile gelöscht : user_pref("CT3018509.showToolbarPermission", "false"); Zeile gelöscht : user_pref("CT3018509.smartbar.CTID", "CT3018509"); Zeile gelöscht : user_pref("CT3018509.smartbar.Uninstall", "0"); Zeile gelöscht : user_pref("CT3018509.smartbar.homepage", true); Zeile gelöscht : user_pref("CT3018509.smartbar.isHidden", false); Zeile gelöscht : user_pref("CT3018509.smartbar.toolbarName", "Game Master 2.1 "); Zeile gelöscht : user_pref("CT3018509.toolbarBornServerTime", "30-8-2013"); Zeile gelöscht : user_pref("CT3018509.toolbarCurrentServerTime", "23-5-2014"); Zeile gelöscht : user_pref("CT3018509.toolbarLoginClientTime", "Sat Aug 31 2013 14:05:58 GMT+0200"); Zeile gelöscht : user_pref("CT3018509_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1400872199340,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Zeile gelöscht : user_pref("CT3241949.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3241949.FirstTime", "true"); Zeile gelöscht : user_pref("CT3241949.FirstTimeFF3", "true"); Zeile gelöscht : user_pref("CT3241949.RestartDialogFirstTime", "false"); Zeile gelöscht : user_pref("CT3241949.UserID", "UN94778994972780914"); Zeile gelöscht : user_pref("CT3241949.addressBarTakeOverEnabledInHidden", "true"); Zeile gelöscht : user_pref("CT3241949.countryCode", "DE"); Zeile gelöscht : user_pref("CT3241949.fixPageNotFoundErrorByUser", "TRUE"); Zeile gelöscht : user_pref("CT3241949.fixPageNotFoundErrorInHidden", "true"); Zeile gelöscht : user_pref("CT3241949.fullUserID", "UN94778994972780914.UP.20130702195221"); Zeile 
gelöscht : user_pref("CT3241949.installType", "DirectDownload"); Zeile gelöscht : user_pref("CT3241949.isCheckedStartAsHidden", true); Zeile gelöscht : user_pref("CT3241949.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3241949.lastVersion", "10.30.1.502"); Zeile gelöscht : user_pref("CT3241949.mam_gk_installer_preapproved.enc", "RkFMU0U="); Zeile gelöscht : user_pref("CT3241949.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.mozilla.org%2Fen-US%2Ffirefox%2F29.0.1%2Fwhatsnew%2F%3Foldversion%3D28.0\",\"EB_MAIN_FR[...] Zeile gelöscht : user_pref("CT3241949.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3241949.performedDomainChangesMigration", "true"); Zeile gelöscht : user_pref("CT3241949.searchInNewTabEnabledByUser", "true"); Zeile gelöscht : user_pref("CT3241949.searchInNewTabEnabledInHidden", "true"); Zeile gelöscht : user_pref("CT3241949.searchSuggestEnabledByUser", "True"); Zeile gelöscht : user_pref("CT3241949.searchUserMode", "1"); Zeile gelöscht : user_pref("CT3241949.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3241949\"}"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FileConverter13.OurToolbar.com//xpi\"}"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FileConverter 1.3 \"}"); Zeile gelöscht : 
user_pref("CT3241949.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_Configuration_lastUpdate", "1400872224671"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1400872213382"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_appsMetadata_lastUpdate", "1400872219627"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1400872213691"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378836184589"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.20.0.513_lastUpdate", "1397817999869"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399221370165"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.30.1.502_lastUpdate", "1400872213320"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1400872219410"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1400872211908"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1400872213743"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_searchAPI_lastUpdate", "1400872220462"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_serviceMap_lastUpdate", "1400872213104"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_setupAPI_lastUpdate", "1377950890464"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarContextMenu_lastUpdate", "1400872212981"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarSettings_lastUpdate", 
"1400872213721"); Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_translation_lastUpdate", "1400872212892"); Zeile gelöscht : user_pref("CT3241949.settingsINI", true); Zeile gelöscht : user_pref("CT3241949.showToolbarPermission", "false"); Zeile gelöscht : user_pref("CT3241949.smartbar.CTID", "CT3241949"); Zeile gelöscht : user_pref("CT3241949.smartbar.Uninstall", "0"); Zeile gelöscht : user_pref("CT3241949.smartbar.isHidden", false); Zeile gelöscht : user_pref("CT3241949.smartbar.toolbarName", "FileConverter 1.3 "); Zeile gelöscht : user_pref("CT3241949.toolbarBornServerTime", "30-8-2013"); Zeile gelöscht : user_pref("CT3241949.toolbarCurrentServerTime", "23-5-2014"); Zeile gelöscht : user_pref("CT3241949.toolbarLoginClientTime", "Sat Aug 31 2013 14:05:58 GMT+0200"); Zeile gelöscht : user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1400872186264,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Zeile gelöscht : user_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/?ctid=CT3018509&octid=CT3018509&CUI=UN65576590908673821&UM=1&SearchSource=13"); Zeile gelöscht : user_pref("Smartbar.TBSearchEngineList", "Game Master 2.1 Customized Web Search"); Zeile gelöscht : user_pref("Smartbar.TBSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&octid=CT3018509&CUI=UN65576590908673821&UM=1&SearchSource=2&q="); Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3018509"); Zeile gelöscht : user_pref("browser.search.defaultenginename", "Game Master 2.1 Customized Web Search"); Zeile gelöscht : user_pref("browser.search.selectedEngine", "Game Master 2.1 Customized Web Search"); Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...] 
Zeile gelöscht : user_pref("extensions.SmartSuggestor.aid", "20049"); Zeile gelöscht : user_pref("extensions.SmartSuggestor.page-keywords", "instalok camping hard|instalok all songs|all songs instalok|instalok all songs composition|leistungsbewertung deutsch grundschule nrw|Bewertung Gr[...] Zeile gelöscht : user_pref("extensions.SmartSuggestor.showButton", false); Zeile gelöscht : user_pref("extensions.SmartSuggestor.sub", ""); Zeile gelöscht : user_pref("extensions.SmartSuggestor.uid", "4915fee0fee65fc68395be653069ccaf"); Zeile gelöscht : user_pref("extensions.searchya.aflt", "grupo1y"); Zeile gelöscht : user_pref("extensions.searchya.appId", "{1973277F-87B0-4EA3-9ED2-470A91D284CF}"); Zeile gelöscht : user_pref("extensions.searchya.cntry", "DE"); Zeile gelöscht : user_pref("extensions.searchya.dfltLng", ""); Zeile gelöscht : user_pref("extensions.searchya.dfltSrch", true); Zeile gelöscht : user_pref("extensions.searchya.dnsErr", true); Zeile gelöscht : user_pref("extensions.searchya.dspFFXOld", ""); Zeile gelöscht : user_pref("extensions.searchya.excTlbr", false); Zeile gelöscht : user_pref("extensions.searchya.hdrMd5", "C292138CDF01978F8459117782E116B4"); Zeile gelöscht : user_pref("extensions.searchya.hmpg", true); Zeile gelöscht : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0B0EtDzyyB0AzyyBtC0DtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=[...] 
Zeile gelöscht : user_pref("extensions.searchya.hpFFXOld", "chrome://branding/locale/browserconfig.properties"); Zeile gelöscht : user_pref("extensions.searchya.id", "BCAEC5BE097A971D"); Zeile gelöscht : user_pref("extensions.searchya.instlDay", "15762"); Zeile gelöscht : user_pref("extensions.searchya.instlRef", ""); Zeile gelöscht : user_pref("extensions.searchya.lastVrsnTs", "1.8.8.015:54:56"); Zeile gelöscht : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?f=2&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0B0EtDzyyB0AzyyBtC0DtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&c[...] Zeile gelöscht : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"65\",\"lastVrsn\":\"65\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); Zeile gelöscht : user_pref("extensions.searchya.prdct", "searchya"); Zeile gelöscht : user_pref("extensions.searchya.prtnrId", "searchya"); Zeile gelöscht : user_pref("extensions.searchya.sg", "none"); Zeile gelöscht : user_pref("extensions.searchya.srchPrvdr", "SearchYa!"); Zeile gelöscht : user_pref("extensions.searchya.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?f=3&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0B0EtDzyyB0AzyyBtC0DtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U[...] 
Zeile gelöscht : user_pref("extensions.searchya.vrsn", "1.8.8.0"); Zeile gelöscht : user_pref("extensions.searchya.vrsni", "1.8.8.0"); Zeile gelöscht : user_pref("extensions.searchya_i.hmpg", true); Zeile gelöscht : user_pref("extensions.searchya_i.newTab", false); Zeile gelöscht : user_pref("extensions.searchya_i.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.searchya_i.vrsnTs", "1.8.8.015:54:56"); Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "1401"); Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false"); Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false"); Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":1179,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...] Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false"); Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21088"); Zeile gelöscht : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...] Zeile gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...] Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1377950750982 - processInstallationUpgrade - version set to : 1.26\n1377950750982 - processBrowserLoad - Bad mappingListJsonString: null\n1377950754108 - proce[...] 
Zeile gelöscht : user_pref("extensions.wajam.unique_id", "A32DF89A443C256CCF5034E3E340D479"); Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0"); Zeile gelöscht : user_pref("extensions.wajam.version", "1.26"); Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); Zeile gelöscht : user_pref("extentions.y2layers.installId", "9e16e9b3-5e05-43f7-b471-dbb9c2037cb9"); Zeile gelöscht : user_pref("iminent.LayoutId", "1"); Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0"); Zeile gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0.1090340332433917,\"s\":0,\"es\":3}"); Zeile gelöscht : user_pref("iminent.adapters", "{\"gamesxite.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"13984[...] Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...] Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrDCt8K1wrjCsMKywrLCucK5\",\"raw_pkgid\":\"164913388\"}"); Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ID\":80,\"PROGRAM_NAME\":\"Iminent JSinject\",\"Domain\":\"iminent \",\"MERCHANTS_MARKETPLA[...] 
Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCt8K1wrjCsMKywrLCucK5"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent100", "1397818028819"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent101", "1378575385505"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1398439255676"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent140", "1398533147052"); Zeile gelöscht : user_pref("iminent.trackExternalScripts1", "1398438952815"); Zeile gelöscht : user_pref("iminent.trackExternalScripts2", "1398438954724"); Zeile gelöscht : user_pref("iminent.trackExternalScripts3", "1398443948609"); Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}"); Zeile gelöscht : user_pref("iminent.version", "8.17.2.1"); Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1378837999369,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1398591687199}"); Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3018509"); Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3018509&octid=CT3018509&CUI=UN65576590908673821&UM=1&SearchSource=13"); Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&octid=CT3018509&CUI=UN65576590908673821&UM=1&SearchSource=2&q="); Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3018509"); Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3018509"); Zeile gelöscht : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3018509&octid=CT3018509&CUI=UN65576590908673821&UM=1&SearchSource=13"); Zeile gelöscht : user_pref("smartbar.machineId", "JFUXNNTPBUXZOTYKJOCLC+TXARX3DFCXZIDMOLKVJPTI4XEF/WNNRLMHXUYAYDMF1NJCGR0R+E1XF3MPKWXRAW"); Zeile gelöscht : user_pref("smartbar.searchAddressUrlList", 
"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&octid=CT3018509&CUI=UN65576590908673821&UM=1&SearchSource=2&q="); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appStateReportTime", "31343030383732323438343331"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appStateReportTime.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_CouponBuddy", "6F6666"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_CouponBuddy.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_Easytobook", "6F6666"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_Easytobook.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_Easytobook_targeted", "6F6666"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_Easytobook_targeted.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_GetDeal", "6F6666"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_GetDeal.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_WindowShopper", "6F6666"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appState_WindowShopper.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appsConfig.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appsDefaultEnabled", "6E756C6C"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_appsDefaultEnabled.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_calledSetupService", "31"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_calledSetupService.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_currentVersion", "312E31332E302E3137"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_currentVersion.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_eventsCache", 
"7B2233313635346637372D373734622D343938612D386332342D663538666532306136666333223A7B22746F706963223A2273656E645573616765222C2264617461223A7B226361746[...] Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_eventsCache.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_existingUsersRecoveryDone", "31"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_existingUsersRecoveryDone.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_first_time", "31"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_first_time.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_gadgetOpen", "77656C636F6D65"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_gadgetOpen.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_lastLoginTime", "31333939393131303230363938"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_lastLoginTime.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_localization.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_mamEnabled", "66616C7365"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_mamEnabled.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_migrated_from_ls", "31"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_migrated_from_ls.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_new_welcome_experience", "31"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_new_welcome_experience.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_settings1.13.0.17.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_showWelcomeGadget", "66616C7365"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_showWelcomeGadget.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_stamp", "313130325F31"); Zeile gelöscht : 
user_pref("valueApps.CT3018509.mam_gk_stamp.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_userBornDate", "4E2F41"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_userBornDate.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_userId", "35386232396462302D366663632D346265622D383135302D373630613438356133656138"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_userId.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_user_approval_interacted", "30"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_user_approval_interacted.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_welcomeDialogMode", "30"); Zeile gelöscht : user_pref("valueApps.CT3018509.mam_gk_welcomeDialogMode.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3241949.mam_gk_currentVersion", "312E31332E302E3137"); Zeile gelöscht : user_pref("valueApps.CT3241949.mam_gk_currentVersion.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3241949.mam_gk_migrated_from_ls", "31"); Zeile gelöscht : user_pref("valueApps.CT3241949.mam_gk_migrated_from_ls.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3241949.mam_gk_userBornDate", "4E2F41"); Zeile gelöscht : user_pref("valueApps.CT3241949.mam_gk_userBornDate.storedInFile", false); -\\ Google Chrome v35.0.1916.114 [ Datei : C:\Users\Freunde\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ Datei : C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ Datei : C:\Users\Yannik\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : cjpglkicenollcignonpgiafdgfeehoj ************************* AdwCleaner[R0].txt - [31673 octets] - [29/04/2014 15:29:04] AdwCleaner[R1].txt - [30975 octets] - [27/05/2014 08:35:31] AdwCleaner[S0].txt - [31270 octets] - [29/04/2014 15:31:42] AdwCleaner[S1].txt - [30895 octets] - [27/05/2014 08:37:16] ########## 
EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [30956 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Supervisor on 27.05.2014 at 8:47:07,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2260964575-2753946872-1401531445-1007\Software\sweetim

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"

~~~ FireFox

Emptied folder: C:\Users\Supervisor\AppData\Roaming\mozilla\firefox\profiles\wbyrsny3.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2014 at 8:58:02,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
27.05.2014, 08:07 | #6 |
| WIN7: AVAST reports Win32:Bprotect-D /-F /-H and others, computer is running
And the fresh FRST log, which no longer fit in earlier: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Supervisor (administrator) on YANNIK-NB on 27-05-2014 08:59:11
Running from C:\Users\Supervisor\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7541976 2014-04-17] (Realtek Semiconductor) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2260964575-2753946872-1401531445-1007\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2260964575-2753946872-1401531445-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Yannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk ShortcutTarget: GlobeTrotter Connect.lnk -> C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option) GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1002\User: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1001\User: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCCD51E63205ACF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0B0EtDzyyB0AzyyBtC0DtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1416129183&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0B0EtDzyyB0AzyyBtC0DtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1416129183&ir= SearchScopes: HKLM - {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de SearchScopes: HKLM - {6AC7F7A6-4DA3-6240-2E01-7B007B044D31} URL = SearchScopes: HKLM-x32 - {47420D7F-BE7F-3E26-CF12-4AA921CD5257} URL = SearchScopes: HKLM-x32 - {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL = hxxp://www.bing.com/?cc=de SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {4189992F-9A16-4604-80F5-C8E63760BA87} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Supervisor\AppData\Roaming\Mozilla\Firefox\Profiles\wbyrsny3.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: 
@nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15] Chrome: ======= CHR HomePage: CHR Extension: (Google Docs) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-07] CHR Extension: (Google Drive) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07] CHR Extension: (YouTube) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07] CHR Extension: (Google-Suche) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07] CHR Extension: (Google Wallet) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-07] CHR Extension: (Google Mail) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-07] CHR HKLM-x32\...\Chrome\Extension: 
[gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-26] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] () ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-26] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-26] () S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [130048 2009-06-11] (Option N.V.) S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [86528 2009-06-11] (Option N.V.) S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10496 2009-06-11] (Option N.V.) 
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek) S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-27 08:59 - 2014-05-27 08:59 - 00013377 _____ () C:\Users\Supervisor\Desktop\FRST.txt 2014-05-27 08:58 - 2014-05-27 08:58 - 00001154 _____ () C:\Users\Supervisor\Desktop\JRT.txt 2014-05-27 08:46 - 2014-05-27 08:46 - 00000000 ____D () C:\Windows\ERUNT 2014-05-27 08:45 - 2014-05-27 08:45 - 00031037 _____ () C:\Users\Supervisor\Desktop\AdwCleaner[S1].txt 2014-05-27 08:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-27 08:34 - 2014-05-27 08:34 - 00069671 _____ () C:\Users\Supervisor\Desktop\mbam.txt 2014-05-27 07:57 - 2014-05-27 08:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-27 07:56 - 2014-05-27 07:56 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-27 07:56 - 2014-05-27 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 07:56 - 2014-05-27 07:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 07:56 - 2014-05-27 07:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-27 07:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-27 07:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-27 07:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-27 07:51 - 2014-05-27 07:51 - 01016261 _____ (Thisisu) C:\Users\Supervisor\Desktop\JRT.exe 2014-05-27 07:50 
- 2014-05-27 07:50 - 01327971 _____ () C:\Users\Supervisor\Desktop\adwcleaner_3.211.exe 2014-05-27 07:08 - 2014-05-27 07:08 - 00000000 ____D () C:\Users\Supervisor\Desktop\FRST-OlderVersion 2014-05-24 15:52 - 2014-05-24 15:52 - 00031563 _____ () C:\Users\Supervisor\Documents\ComboFix.txt 2014-05-24 14:24 - 2014-05-24 15:52 - 00000000 ____D () C:\Qoobox 2014-05-24 14:24 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-24 14:24 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-24 14:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-24 14:23 - 2014-05-24 15:50 - 00000000 ____D () C:\Windows\erdnt 2014-05-24 14:15 - 2014-05-24 14:15 - 05200426 ____R (Swearware) C:\Users\Supervisor\Desktop\ComboFix.exe 2014-05-24 14:04 - 2014-05-24 14:04 - 00001276 _____ () C:\Users\Supervisor\Desktop\Revo Uninstaller.lnk 2014-05-24 14:04 - 2014-05-24 14:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-24 13:04 - 2014-05-24 13:04 - 00456000 _____ () C:\Windows\Minidump\052414-31512-01.dmp 2014-05-24 11:57 - 2014-05-24 11:57 - 00023729 _____ () C:\Users\Supervisor\Desktop\gmer_und_avast_scans.rar 2014-05-24 11:53 - 2014-05-24 11:54 - 00072779 _____ () C:\Users\Supervisor\Documents\avastscan 11052014.txt 2014-05-24 11:53 - 2014-05-24 11:53 - 00072777 _____ () C:\Users\Supervisor\Documents\avastscan 10052014.txt 2014-05-24 11:51 - 2014-05-24 11:52 - 00078587 _____ () C:\Users\Supervisor\Documents\avastscan 15042014.txt 2014-05-24 11:03 - 2014-05-24 11:55 - 00090545 _____ () C:\Users\Supervisor\Documents\avastscan 
23052014.txt 2014-05-24 10:46 - 2014-05-24 10:46 - 00308912 _____ () C:\Users\Supervisor\Documents\gmer.txt 2014-05-24 10:16 - 2014-05-24 10:16 - 00032717 _____ () C:\Users\Supervisor\Documents\Addition.txt 2014-05-24 10:15 - 2014-05-27 08:59 - 00000000 ____D () C:\FRST 2014-05-24 10:15 - 2014-05-27 07:09 - 00038709 _____ () C:\Users\Supervisor\Documents\FRST.txt 2014-05-24 10:14 - 2014-05-24 10:14 - 00000482 _____ () C:\Users\Supervisor\Documents\defogger_disable.log 2014-05-24 10:14 - 2014-05-24 10:14 - 00000000 _____ () C:\Users\Supervisor\defogger_reenable 2014-05-23 21:04 - 2014-05-23 21:04 - 00001816 _____ () C:\Users\Yannik\Desktop\League of Legends (2).lnk 2014-05-23 21:04 - 2014-05-23 21:04 - 00000178 _____ () C:\Users\Yannik\Desktop\Neue Verknüpfung.lnk 2014-05-23 18:45 - 2014-05-23 18:45 - 00000000 ___RD () C:\Users\Supervisor\AppData\Roaming\Brother 2014-05-23 18:43 - 2014-05-23 18:43 - 00380416 _____ () C:\Users\Supervisor\Desktop\Gmer-19357.exe 2014-05-23 18:42 - 2014-05-27 07:08 - 02066944 _____ (Farbar) C:\Users\Supervisor\Desktop\FRST64.exe 2014-05-23 18:41 - 2014-05-23 18:41 - 00050477 _____ () C:\Users\Supervisor\Desktop\Defogger.exe 2014-05-20 01:30 - 2014-05-20 01:30 - 00000000 ____D () C:\Users\Freunde\AppData\Local\Google 2014-05-19 23:20 - 2014-05-19 23:20 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\LolClient 2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\AVAST Software 2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Local\LogMeIn 2014-05-15 08:12 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 08:12 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 08:12 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 08:12 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 
2014-05-15 08:12 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 08:12 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 07:30 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 07:30 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 07:30 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 07:30 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 07:29 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 07:29 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 07:29 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 07:29 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 07:28 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 07:28 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 07:28 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 07:28 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 07:28 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 07:28 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 07:28 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 07:28 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 07:28 - 
2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 07:28 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 07:28 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 07:28 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 07:28 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 07:28 - 
Some content of TEMP:
====================
C:\Users\Supervisor\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-24 12:23

==================== End Of Log ============================ |
28.05.2014, 09:24 | #7 |
/// the machine /// TB trainer | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber |
29.05.2014, 10:25 | #8 |
| Okay, all done. As for the question of remaining problems: there weren't really any lately, except that the computer was running noticeably slowly. And the continuing detections by Avast naturally made me nervous. Above all, I want to be sure that I have removed all of the malware. Here are the requested log files: eset: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=250e4ce69ec731428588640f8a1ae149
# engine=18444
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-28 04:58:44
# local_time=2014-05-28 06:58:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 76 129243 2801545 0 0
# compatibility_mode=5893 16776573 100 94 77227 152926174 0 0
# scanned=133412
# found=55
# cleaned=0
# scan_time=7778
Code:
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.137
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Supervisor (administrator) on YANNIK-NB on 29-05-2014 11:18:07
Running from C:\Users\Supervisor\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.)
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7541976 2014-04-17] (Realtek Semiconductor) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2260964575-2753946872-1401531445-1007\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2260964575-2753946872-1401531445-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Yannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk ShortcutTarget: GlobeTrotter Connect.lnk -> C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option) GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1002\User: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1001\User: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCCD51E63205ACF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0B0EtDzyyB0AzyyBtC0DtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1416129183&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0B0EtDzyyB0AzyyBtC0DtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1416129183&ir= SearchScopes: HKLM - {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de SearchScopes: HKLM - {6AC7F7A6-4DA3-6240-2E01-7B007B044D31} URL = SearchScopes: HKLM-x32 - {47420D7F-BE7F-3E26-CF12-4AA921CD5257} URL = SearchScopes: HKLM-x32 - {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL = hxxp://www.bing.com/?cc=de SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {4189992F-9A16-4604-80F5-C8E63760BA87} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Supervisor\AppData\Roaming\Mozilla\Firefox\Profiles\wbyrsny3.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA 
Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15] Chrome: ======= CHR HomePage: CHR Extension: (Google Docs) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-07] CHR Extension: (Google Drive) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07] CHR Extension: (YouTube) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07] CHR Extension: (Google-Suche) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07] CHR Extension: (Google Wallet) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-07] CHR Extension: (Google Mail) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-07] CHR 
HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-26] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] () ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-26] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-26] () S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [130048 2009-06-11] (Option N.V.) S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [86528 2009-06-11] (Option N.V.) S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10496 2009-06-11] (Option N.V.) 
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek) S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 11:17 - 2014-05-29 11:17 - 00000809 _____ () C:\Users\Supervisor\Desktop\checkup.txt 2014-05-29 11:16 - 2014-05-29 11:17 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Notepad++ 2014-05-28 20:12 - 2014-05-28 20:14 - 00785920 _____ (InterActual Technologies, Inc.) C:\Users\Supervisor\Downloads\iPlayer.exe 2014-05-28 16:46 - 2014-05-29 11:00 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-05-28 16:42 - 2014-05-28 16:42 - 00854367 _____ () C:\Users\Supervisor\Desktop\SecurityCheck.exe 2014-05-28 16:41 - 2014-05-28 16:41 - 02347384 _____ (ESET) C:\Users\Supervisor\Downloads\esetsmartinstaller_deu.exe 2014-05-27 08:59 - 2014-05-29 11:18 - 00013502 _____ () C:\Users\Supervisor\Desktop\FRST.txt 2014-05-27 08:58 - 2014-05-27 08:58 - 00001154 _____ () C:\Users\Supervisor\Desktop\JRT.txt 2014-05-27 08:46 - 2014-05-27 08:46 - 00000000 ____D () C:\Windows\ERUNT 2014-05-27 08:45 - 2014-05-27 08:45 - 00031037 _____ () C:\Users\Supervisor\Desktop\AdwCleaner[S1].txt 2014-05-27 08:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-27 08:34 - 2014-05-27 08:34 - 00069671 _____ () C:\Users\Supervisor\Desktop\mbam.txt 2014-05-27 07:57 - 2014-05-27 08:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-27 07:56 - 2014-05-27 07:56 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-27 07:56 - 2014-05-27 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 07:56 - 2014-05-27 
07:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 07:56 - 2014-05-27 07:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-27 07:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-27 07:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-27 07:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-27 07:51 - 2014-05-27 07:51 - 01016261 _____ (Thisisu) C:\Users\Supervisor\Desktop\JRT.exe 2014-05-27 07:50 - 2014-05-27 07:50 - 01327971 _____ () C:\Users\Supervisor\Desktop\adwcleaner_3.211.exe 2014-05-24 15:52 - 2014-05-24 15:52 - 00031563 _____ () C:\Users\Supervisor\Documents\ComboFix.txt 2014-05-24 14:24 - 2014-05-24 15:52 - 00000000 ____D () C:\Qoobox 2014-05-24 14:24 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-24 14:24 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-24 14:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-24 14:24 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-24 14:23 - 2014-05-24 15:50 - 00000000 ____D () C:\Windows\erdnt 2014-05-24 14:15 - 2014-05-24 14:15 - 05200426 ____R (Swearware) C:\Users\Supervisor\Desktop\ComboFix.exe 2014-05-24 14:04 - 2014-05-24 14:04 - 00001276 _____ () C:\Users\Supervisor\Desktop\Revo Uninstaller.lnk 2014-05-24 14:04 - 2014-05-24 14:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-24 13:04 - 2014-05-24 13:04 - 00456000 _____ () C:\Windows\Minidump\052414-31512-01.dmp 
2014-05-24 11:53 - 2014-05-24 11:54 - 00072779 _____ () C:\Users\Supervisor\Documents\avastscan 11052014.txt 2014-05-24 11:53 - 2014-05-24 11:53 - 00072777 _____ () C:\Users\Supervisor\Documents\avastscan 10052014.txt 2014-05-24 11:51 - 2014-05-24 11:52 - 00078587 _____ () C:\Users\Supervisor\Documents\avastscan 15042014.txt 2014-05-24 11:03 - 2014-05-24 11:55 - 00090545 _____ () C:\Users\Supervisor\Documents\avastscan 23052014.txt 2014-05-24 10:46 - 2014-05-24 10:46 - 00308912 _____ () C:\Users\Supervisor\Documents\gmer.txt 2014-05-24 10:16 - 2014-05-24 10:16 - 00032717 _____ () C:\Users\Supervisor\Documents\Addition.txt 2014-05-24 10:15 - 2014-05-29 11:18 - 00000000 ____D () C:\FRST 2014-05-24 10:15 - 2014-05-27 07:09 - 00038709 _____ () C:\Users\Supervisor\Documents\FRST.txt 2014-05-24 10:14 - 2014-05-24 10:14 - 00000482 _____ () C:\Users\Supervisor\Documents\defogger_disable.log 2014-05-24 10:14 - 2014-05-24 10:14 - 00000000 _____ () C:\Users\Supervisor\defogger_reenable 2014-05-23 21:04 - 2014-05-23 21:04 - 00001816 _____ () C:\Users\Yannik\Desktop\League of Legends (2).lnk 2014-05-23 21:04 - 2014-05-23 21:04 - 00000178 _____ () C:\Users\Yannik\Desktop\Neue Verknüpfung.lnk 2014-05-23 18:45 - 2014-05-23 18:45 - 00000000 ___RD () C:\Users\Supervisor\AppData\Roaming\Brother 2014-05-23 18:43 - 2014-05-23 18:43 - 00380416 _____ () C:\Users\Supervisor\Desktop\Gmer-19357.exe 2014-05-23 18:42 - 2014-05-27 07:08 - 02066944 _____ (Farbar) C:\Users\Supervisor\Desktop\FRST64.exe 2014-05-23 18:41 - 2014-05-23 18:41 - 00050477 _____ () C:\Users\Supervisor\Desktop\Defogger.exe 2014-05-20 01:30 - 2014-05-20 01:30 - 00000000 ____D () C:\Users\Freunde\AppData\Local\Google 2014-05-19 23:20 - 2014-05-19 23:20 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\LolClient 2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\AVAST Software 2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Local\LogMeIn 2014-05-15 
08:12 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 08:12 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 08:12 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 08:12 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 08:12 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 08:12 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 07:30 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 07:30 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 07:30 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 07:30 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 07:29 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 07:29 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 07:29 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 07:29 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 07:28 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 07:28 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 07:28 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 07:28 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 07:28 - 2014-04-12 04:19 - 
00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 07:28 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 07:28 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 07:28 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 07:28 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 07:28 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 07:28 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 07:28 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 07:28 - 2014-03-04 11:43 - 00022016 
_____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 07:28 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 07:28 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 07:28 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 07:28 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 19:31 - 2014-05-14 19:31 - 00000000 ____D () C:\Users\Yannik\AppData\Local\LogMeIn 2014-05-14 18:48 - 2014-05-14 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-14 18:48 - 2014-05-14 18:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-05-07 17:22 - 2014-05-07 17:22 - 00002220 _____ () 
C:\Users\Public\Desktop\Google Earth.lnk 2014-05-07 17:22 - 2014-05-07 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2014-05-07 17:20 - 2014-05-26 18:33 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-07 17:20 - 2014-05-07 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-07 17:18 - 2014-05-29 11:00 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-07 17:18 - 2014-05-29 07:31 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-07 17:18 - 2014-05-10 05:26 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-07 17:18 - 2014-05-10 05:26 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-07 17:18 - 2014-05-07 17:22 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Google 2014-05-07 17:18 - 2014-05-07 17:22 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-06 07:48 - 2014-05-15 08:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-04 13:40 - 2014-05-04 13:40 - 00028913 _____ () C:\Users\Supervisor\Documents\Unbenannt 2.odt 2014-05-04 13:26 - 2014-05-04 13:26 - 00020699 _____ () C:\Users\Supervisor\Documents\Politik Projekt.odt 2014-05-04 12:53 - 2014-04-25 18:01 - 00001613 _____ () C:\Users\Yannik\Desktop\Play League of Legends.lnk 2014-05-04 12:47 - 2014-05-04 12:47 - 00001816 _____ () C:\Users\Yannik\Desktop\League of Legends.lnk 2014-05-02 04:00 - 2014-05-02 04:00 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Macromedia 2014-05-02 00:04 - 2014-05-02 00:04 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Mozilla 2014-05-02 00:04 - 2014-05-02 00:04 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Mozilla 2014-04-29 15:28 - 2014-05-27 08:38 - 00000000 ____D () C:\AdwCleaner ==================== One Month Modified Files and Folders ======= 2014-05-29 11:18 - 2014-05-27 08:59 - 00013502 _____ () 
C:\Users\Supervisor\Desktop\FRST.txt 2014-05-29 11:18 - 2014-05-24 10:15 - 00000000 ____D () C:\FRST 2014-05-29 11:17 - 2014-05-29 11:17 - 00000809 _____ () C:\Users\Supervisor\Desktop\checkup.txt 2014-05-29 11:17 - 2014-05-29 11:16 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Notepad++ 2014-05-29 11:13 - 2011-05-07 01:46 - 01325623 _____ () C:\Windows\WindowsUpdate.log 2014-05-29 11:11 - 2013-09-22 14:50 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\LogMeIn Hamachi 2014-05-29 11:10 - 2013-02-06 19:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-29 11:09 - 2013-09-22 14:48 - 00000680 __RSH () C:\Users\Supervisor\ntuser.pol 2014-05-29 11:09 - 2013-09-22 14:43 - 00000000 ____D () C:\Users\Supervisor 2014-05-29 11:08 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-29 11:08 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-29 11:01 - 2014-04-17 12:17 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 4.job 2014-05-29 11:00 - 2014-05-28 16:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-05-29 11:00 - 2014-05-07 17:18 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-29 11:00 - 2011-05-16 01:38 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-29 11:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-29 11:00 - 2009-07-14 06:51 - 00125122 _____ () C:\Windows\setupact.log 2014-05-29 07:42 - 2014-04-25 17:25 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\PMB Files 2014-05-29 07:31 - 2014-05-07 17:18 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-28 22:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-05-28 20:14 - 2014-05-28 20:12 - 00785920 _____ (InterActual Technologies, Inc.) 
C:\Users\Supervisor\Downloads\iPlayer.exe 2014-05-28 19:00 - 2014-04-25 17:25 - 00000000 ____D () C:\ProgramData\PMB Files 2014-05-28 16:42 - 2014-05-28 16:42 - 00854367 _____ () C:\Users\Supervisor\Desktop\SecurityCheck.exe 2014-05-28 16:41 - 2014-05-28 16:41 - 02347384 _____ (ESET) C:\Users\Supervisor\Downloads\esetsmartinstaller_deu.exe 2014-05-28 16:36 - 2014-04-15 17:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-05-27 08:58 - 2014-05-27 08:58 - 00001154 _____ () C:\Users\Supervisor\Desktop\JRT.txt 2014-05-27 08:46 - 2014-05-27 08:46 - 00000000 ____D () C:\Windows\ERUNT 2014-05-27 08:45 - 2014-05-27 08:45 - 00031037 _____ () C:\Users\Supervisor\Desktop\AdwCleaner[S1].txt 2014-05-27 08:41 - 2010-11-21 05:47 - 00250096 _____ () C:\Windows\PFRO.log 2014-05-27 08:38 - 2014-04-29 15:28 - 00000000 ____D () C:\AdwCleaner 2014-05-27 08:34 - 2014-05-27 08:34 - 00069671 _____ () C:\Users\Supervisor\Desktop\mbam.txt 2014-05-27 08:33 - 2014-05-27 07:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-27 08:30 - 2013-01-25 21:34 - 00000000 ____D () C:\Windows\Minidump 2014-05-27 07:56 - 2014-05-27 07:56 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-27 07:56 - 2014-05-27 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 07:56 - 2014-05-27 07:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 07:56 - 2014-05-27 07:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-27 07:52 - 2013-09-28 12:26 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\CrashDumps 2014-05-27 07:51 - 2014-05-27 07:51 - 01016261 _____ (Thisisu) C:\Users\Supervisor\Desktop\JRT.exe 2014-05-27 07:50 - 2014-05-27 07:50 - 01327971 _____ () C:\Users\Supervisor\Desktop\adwcleaner_3.211.exe 2014-05-27 07:09 - 2014-05-24 10:15 - 00038709 _____ () C:\Users\Supervisor\Documents\FRST.txt 
2014-05-27 07:08 - 2014-05-23 18:42 - 02066944 _____ (Farbar) C:\Users\Supervisor\Desktop\FRST64.exe
2014-05-26 18:39 - 2012-05-05 16:57 - 00661544 __RSH () C:\Users\Yannik\ntuser.pol
2014-05-26 18:39 - 2011-10-14 16:32 - 00000000 ____D () C:\Users\Yannik
2014-05-26 18:33 - 2014-05-07 17:20 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-26 18:30 - 2013-02-08 00:00 - 00000000 ____D () C:\Users\Yannik\AppData\Local\LogMeIn Hamachi
2014-05-26 18:29 - 2013-02-04 22:38 - 00000000 ____D () C:\Users\Yannik\AppData\Roaming\Skype
2014-05-24 15:52 - 2014-05-24 15:52 - 00031563 _____ () C:\Users\Supervisor\Documents\ComboFix.txt
2014-05-24 15:52 - 2014-05-24 14:24 - 00000000 ____D () C:\Qoobox
2014-05-24 15:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-24 15:50 - 2014-05-24 14:23 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 15:47 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-24 15:43 - 2009-07-14 04:34 - 59768832 _____ () C:\Windows\system32\config\software.bak
2014-05-24 15:43 - 2009-07-14 04:34 - 35913728 _____ () C:\Windows\system32\config\system.bak
2014-05-24 15:43 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\default.bak
2014-05-24 15:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-05-24 15:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-05-24 14:15 - 2014-05-24 14:15 - 05200426 ____R (Swearware) C:\Users\Supervisor\Desktop\ComboFix.exe
2014-05-24 14:04 - 2014-05-24 14:04 - 00001276 _____ () C:\Users\Supervisor\Desktop\Revo Uninstaller.lnk
2014-05-24 14:04 - 2014-05-24 14:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-24 13:04 - 2014-05-24 13:04 - 00456000 _____ () C:\Windows\Minidump\052414-31512-01.dmp
2014-05-24 13:03 - 2013-01-25 21:34 - 927421629 _____ () C:\Windows\MEMORY.DMP
2014-05-24 12:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-24 11:55 - 2014-05-24 11:03 - 00090545 _____ () C:\Users\Supervisor\Documents\avastscan 23052014.txt
2014-05-24 11:54 - 2014-05-24 11:53 - 00072779 _____ () C:\Users\Supervisor\Documents\avastscan 11052014.txt
2014-05-24 11:53 - 2014-05-24 11:53 - 00072777 _____ () C:\Users\Supervisor\Documents\avastscan 10052014.txt
2014-05-24 11:52 - 2014-05-24 11:51 - 00078587 _____ () C:\Users\Supervisor\Documents\avastscan 15042014.txt
2014-05-24 10:46 - 2014-05-24 10:46 - 00308912 _____ () C:\Users\Supervisor\Documents\gmer.txt
2014-05-24 10:16 - 2014-05-24 10:16 - 00032717 _____ () C:\Users\Supervisor\Documents\Addition.txt
2014-05-24 10:14 - 2014-05-24 10:14 - 00000482 _____ () C:\Users\Supervisor\Documents\defogger_disable.log
2014-05-24 10:14 - 2014-05-24 10:14 - 00000000 _____ () C:\Users\Supervisor\defogger_reenable
2014-05-23 23:03 - 2013-09-17 17:35 - 00000000 ____D () C:\Users\Freunde\AppData\Local\CrashDumps
2014-05-23 23:01 - 2012-05-05 16:57 - 01460074 __RSH () C:\Users\Freunde\ntuser.pol
2014-05-23 23:01 - 2012-05-05 16:13 - 00000000 ____D () C:\Users\Freunde
2014-05-23 23:00 - 2013-09-15 12:56 - 00000000 ____D () C:\Users\Freunde\AppData\Local\LogMeIn Hamachi
2014-05-23 21:04 - 2014-05-23 21:04 - 00001816 _____ () C:\Users\Yannik\Desktop\League of Legends (2).lnk
2014-05-23 21:04 - 2014-05-23 21:04 - 00000178 _____ () C:\Users\Yannik\Desktop\Neue Verknüpfung.lnk
2014-05-23 18:45 - 2014-05-23 18:45 - 00000000 ___RD () C:\Users\Supervisor\AppData\Roaming\Brother
2014-05-23 18:43 - 2014-05-23 18:43 - 00380416 _____ () C:\Users\Supervisor\Desktop\Gmer-19357.exe
2014-05-23 18:41 - 2014-05-23 18:41 - 00050477 _____ () C:\Users\Supervisor\Desktop\Defogger.exe
2014-05-23 09:07 - 2014-04-15 16:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-22 18:19 - 2011-05-07 02:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-22 10:49 - 2010-11-21 08:50 - 01791316 _____ () C:\Windows\system32\perfh007.dat
2014-05-22 10:49 - 2010-11-21 08:50 - 00491516 _____ () C:\Windows\system32\perfc007.dat
2014-05-22 10:49 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 01:30 - 2014-05-20 01:30 - 00000000 ____D () C:\Users\Freunde\AppData\Local\Google
2014-05-19 23:20 - 2014-05-19 23:20 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\LolClient
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Roaming\AVAST Software
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Users\Freunde\AppData\Local\LogMeIn
2014-05-19 23:18 - 2012-05-05 16:13 - 00001433 _____ () C:\Users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-19 23:18 - 2012-05-05 16:13 - 00000000 ___RD () C:\Users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 23:18 - 2012-05-05 16:13 - 00000000 ___RD () C:\Users\Freunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 23:18 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-17 22:08 - 2011-10-14 16:34 - 00000000 ___RD () C:\Users\Yannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 22:08 - 2011-10-14 16:34 - 00000000 ___RD () C:\Users\Yannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 22:05 - 2014-04-17 12:17 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\DiskDefrag
2014-05-16 15:14 - 2014-04-15 17:23 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-16 15:14 - 2014-04-15 17:22 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-16 15:14 - 2014-04-15 17:22 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 08:26 - 2013-09-22 14:49 - 00000000 ___RD () C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 08:26 - 2013-09-22 14:49 - 00000000 ___RD () C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:16 - 2014-05-06 07:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 08:11 - 2013-08-29 13:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 08:10 - 2013-02-06 19:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 08:10 - 2013-02-06 19:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 08:10 - 2013-02-06 19:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 08:07 - 2012-08-23 14:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:31 - 2014-05-14 19:31 - 00000000 ____D () C:\Users\Yannik\AppData\Local\LogMeIn
2014-05-14 18:48 - 2014-05-14 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 18:48 - 2014-05-14 18:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-13 17:22 - 2011-10-17 15:27 - 00000000 ____D () C:\Users\Yannik\AppData\Local\CrashDumps
2014-05-12 07:26 - 2014-05-27 07:56 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-27 07:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-27 07:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 14:56 - 2013-02-05 16:14 - 00000000 ____D () C:\Users\Yannik\Desktop\Neuer Ordner
2014-05-10 05:26 - 2014-05-07 17:18 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 05:26 - 2014-05-07 17:18 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-15 07:30 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 07:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 17:22 - 2014-05-07 17:22 - 00002220 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-05-07 17:22 - 2014-05-07 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-07 17:22 - 2014-05-07 17:18 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Google
2014-05-07 17:22 - 2014-05-07 17:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-07 17:20 - 2014-05-07 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 06:40 - 2014-05-15 08:12 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 08:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 08:12 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 08:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 08:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 08:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 13:40 - 2014-05-04 13:40 - 00028913 _____ () C:\Users\Supervisor\Documents\Unbenannt 2.odt
2014-05-04 13:26 - 2014-05-04 13:26 - 00020699 _____ () C:\Users\Supervisor\Documents\Politik Projekt.odt
2014-05-04 12:47 - 2014-05-04 12:47 - 00001816 _____ () C:\Users\Yannik\Desktop\League of Legends.lnk
2014-05-02 04:00 - 2014-05-02 04:00 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Macromedia
2014-05-02 00:04 - 2014-05-02 00:04 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Mozilla
2014-05-02 00:04 - 2014-05-02 00:04 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Mozilla
2014-04-29 15:17 - 2013-02-27 21:46 - 00000000 ____D () C:\Program Files (x86)\PC Beschleunigen
Some content of TEMP:
====================
C:\Users\Supervisor\AppData\Local\Temp\npp.6.6.3.Installer.exe
C:\Users\Supervisor\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-24 12:23
==================== End Of Log ============================
--- --- ---
Does everything look fine so far to the expert now? |
30.05.2014, 09:45 | #9 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1002\User: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1001\User: Group Policy on Chrome detected <======= ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, have the leftovers removed, reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen
Is Avast still complaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.06.2014, 18:53 | #10 |
| Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014
Ran by Supervisor at 2014-06-01 16:12:36 Run:1
Running from C:\Users\Supervisor\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1002\User: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1001\User: Group Policy on Chrome detected <======= ATTENTION
*****************
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1001\User => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
I uninstalled Firefox as instructed but did not reinstall it, since I have IE and Chrome on the machine and do not need a third browser. Unless it is necessary for solving the problem, I would simply not put FF back on. Avast ran a complete scan. Everything without problems. The system appears to be clean. If there is nothing else left to do, I would like to say a heartfelt thank you at this point for the super fast and effective help, and just ask in what way I could show my appreciation (financially), as far as that is permitted. |
03.06.2014, 18:35 | #11 |
/// the machine /// TB-Ausbilder | Done
The order is crucial here.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to offer somewhat more security than IE, because they do not use ActiveX elements. These can be misused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber |
05.06.2014, 10:42 | #12 |
| Sooo, everything has been done as instructed. All the programs appear to have been removed completely. The system runs cleanly and noticeably faster. Avast has nothing to complain about. Top marks (a straight 1) for this great service, and many thanks once again. |
05.06.2014, 19:35 | #13 |
/// the machine /// TB-Ausbilder | You're welcome
__________________ Regards, schrauber |