
Log Analysis and Evaluation: Adware-infested PC - main problem: "MyPCBackup"


 
25.05.2014, 20:15   #5
sibelius84

Adware-infested PC - main problem: "MyPCBackup"



Hello Matthias!

1. AdwCleaner:

Code:
# AdwCleaner v3.210 - Report created on 25/05/2014 at 16:19:43
# Updated 19/05/2014 by Xplode
# Operating System : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# Username : Wermutstropfen - WERMUT-LAPTOP
# Running from : C:\Users\Wermutstropfen\Desktop\adwcleaner_3.210.exe
# Option : Delete

***** [ Services ] *****

Service Deleted : BackupStack
Service Deleted : LPTSystemUpdater
Service Deleted : MgAssistService
Service Deleted : yewimmxqbs32

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files\002
Folder Deleted : C:\Program Files\ConstaSurf
Folder Deleted : C:\Program Files\LPT
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\MSR
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Uncompressor
Folder Deleted : C:\Users\WERMUT~1\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Wermutstropfen\AppData\Local\LPT
Folder Deleted : C:\Users\Wermutstropfen\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Wermutstropfen\AppData\Local\Smartbar
Folder Deleted : C:\Users\Wermutstropfen\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\0D0S1L2Z1P1B
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\InetStat
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\v9
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
Folder Deleted : C:\Users\Wermutstropfen\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default\Extensions\RrSavings@jetpack
File Deleted : C:\Users\Wermutstropfen\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default\Extensions\{0782648b-1717-4fef-ac58-8cb3ce03adb3}.xpi
File Deleted : C:\Users\Wermutstropfen\daemonprocess.txt
File Deleted : C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Wermutstropfen\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Wermutstropfen\Desktop\Sync Folder.lnk
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\v9.xml
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\System32\Tasks\BrowserProtect
File Deleted : C:\Windows\System32\Tasks\RegClean Pro

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Wermutstropfen\Desktop\Alte Verknüpfungen\Search.lnk
Shortcut Disinfected : C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA65A4F9-4AAB-4166-BBF5-BA9BEA22AB0C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA65A4F9-4AAB-4166-BBF5-BA9BEA22AB0C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3DFA316-17BA-4C37-BD4A-FE1830FFB50E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3DFA316-17BA-4C37-BD4A-FE1830FFB50E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FC2F2F9-11CB-4548-BA47-DD4D7A03A520}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FC2F2F9-11CB-4548-BA47-DD4D7A03A520}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKCU\Software\5b4d9d9e63cbd45
Key Deleted : HKLM\SOFTWARE\5b4d9d9e63cbd45
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Caramava
Key Deleted : HKCU\Software\ConstaSurf
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\RrSavings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\RrSavings
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Caramava
Key Deleted : HKLM\Software\ConstaSurf
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\RrSavings
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\V9Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Uncompressor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3566FB70-E722-4182-8266-815EAE862998}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConstaSurf
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\v9 uninstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DigitalSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uncompressor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Extractor Packages
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07BF6653227E2814286618E5EA689289
Key Deleted : HKLM\Software\Classes\Installer\Features\07BF6653227E2814286618E5EA689289
Key Deleted : HKLM\Software\Classes\Installer\Products\07BF6653227E2814286618E5EA689289
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v11.0 (de)

[ File : C:\Users\Wermutstropfen\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [17694 octets] - [25/05/2014 16:19:11]
AdwCleaner[S0].txt - [15649 octets] - [25/05/2014 16:19:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15710 octets] ##########

2. JRT log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Ultimate x86
Ran by Wermutstropfen on 25/05/2014 at 16:32:41.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-766344687-1236243651-3856011510-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Wermutstropfen\AppData\Roaming\mozilla\firefox\profiles\gwmqlo6e.default\searchplugins\youtube-video-search.xml
Successfully deleted the following from C:\Users\Wermutstropfen\AppData\Roaming\mozilla\firefox\profiles\gwmqlo6e.default\prefs.js

user_pref("keyword.URL", "hxxps://ixquick.com/do/search?cat=web&pl=ff&language=english_uk&query=");
Emptied folder: C:\Users\Wermutstropfen\AppData\Roaming\mozilla\firefox\profiles\gwmqlo6e.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/05/2014 at 16:36:05.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. MBAM log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 25/05/2014
Scan Time: 16:41:21
Logfile: MBAM_log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.25.04
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Wermutstropfen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329411
Time Elapsed: 2 hr, 56 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\##TOOLBAR_DISABLED_##{10ad2c61-0898-4348-8600-14a342f22ac3}, Quarantined, [4e4af560f3881e18777e9ac1e51fdf21], 
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\CLASSES\CLSID\##TOOLBAR_DISABLED_##{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [4e4af560f3881e18777e9ac1e51fdf21], 
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\##TOOLBAR_DISABLED_##{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [4e4af560f3881e18777e9ac1e51fdf21], 
PUP.Optional.ShoppingHelper.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\##TOOLBAR_DISABLED_##{31ad400d-1b06-4e33-a59a-90c2c140cba0}, Quarantined, [b3e5bf965328a88ed9d88ad06c989d63], 
PUP.Optional.ShoppingHelper.A, HKLM\SOFTWARE\CLASSES\CLSID\##TOOLBAR_DISABLED_##{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [b3e5bf965328a88ed9d88ad06c989d63], 

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5ixMQS9ihB1Ua3VJwNpKMcOyJQg76gqfE9JsSeOBgl-Z-aP37PfuY79jBXtuZsK9D5kM7B9-73OP1MzrFFj5SbN5KFkHYPpcDPvglWHbLxqzFgi5C-3-b-1TLodsbRww,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5ixMQS9ihB1Ua3VJwNpKMcOyJQg76gqfE9JsSeOBgl-Z-aP37PfuY79jBXtuZsK9D5kM7B9-73OP1MzrFFj5SbN5KFkHYPpcDPvglWHbLxqzFgi5C-3-b-1TLodsbRww,&q={searchTerms}),Replaced,[99ffe0758eed8fa7a7dfe568887cad53]

Folders: 0
(No malicious items detected)

Files: 11
PUP.Optional.AdPeak.A, C:\temp\t.msi, Quarantined, [eeaab3a24a3183b3b382fc50fe0632ce], 
PUP.Optional.OutBrowse, C:\Users\Wermutstropfen\Downloads\flashplayersetup.exe, Quarantined, [9107c095047750e602c21466cf32738d], 
PUP.Optional.Softonic, C:\Users\Wermutstropfen\Downloads\SoftonicDownloader_for_sam-max.exe, Quarantined, [b4e466efdf9cb680192be42139c8e31d], 
PUP.Optional.OpenCandy, C:\Users\Wermutstropfen\Downloads\winamp5623_full_bundle_emusic-7plus_de-de.exe, Quarantined, [01978dc8b2c9fe389fc6c3b8aa5a3ec2], 
PUP.Optional.InstallCore.A, C:\Users\Wermutstropfen\Downloads\ZipExtractorSetup.exe, Quarantined, [a8f0dc795427999d7557bf6f11f00af6], 
PUP.Optional.Softonic.A, C:\Users\Wermutstropfen\Downloads\SoftonicDownloader_fuer_extensoft-free-video-converter.exe, Quarantined, [2e6aee67bdbee056d6cd49d77e83a25e], 
PUP.Optional.BSDownloader, C:\Users\Wermutstropfen\Downloads\Brothersoft_downloader_For_The_Curse_of_Monkey_Island.exe, Quarantined, [18803520c1ba0531ff5fdb43d12f6e92], 
PUP.Optional.Somoto.A, C:\Users\Wermutstropfen\Downloads\7ZipSetup.exe, Quarantined, [2b6d9bbaa0db9f97d73188b0907028d8], 
PUP.Optional.OpenCandy, C:\Users\Wermutstropfen\Downloads\DAEMONToolsUltra100-0068.exe, Quarantined, [3464d87d7605ca6c273e15662ada0cf4], 
PUP.Optional.SmartBar, C:\Windows\Installer\2e53cf.msi, Quarantined, [7424e174156645f172a643eb46ba53ad], 
Backdoor.ProRat, C:\Windows\temp\peyowhr2.tmp, Quarantined, [544481d4e89394a298a36997e023c33d], 

Physical Sectors: 0
(No malicious items detected)


(end)
4. zoek results:

Code:
Zoek.exe v5.0.0.0 Updated 21-05-2014
Tool run by Wermutstropfen on 25/05/2014 at 20:16:06.12.
Microsoft® Windows Vista™ Ultimate  6.0.6002 Service Pack 2 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Wermutstropfen\Desktop\zoek.exe    [Scan all users] [Script inserted] 

==== System Restore Info ======================

25/05/2014 20:20:58 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\WERMUT~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default\prefs.js:
user_pref("browser.startup.homepage", "https://vu.fernuni-hagen.de");
user_pref("browser.newtab.url", "https://vu.fernuni-hagen.de");
user_pref("browser.search.selectedEngine", "YouTube Video Search");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\WERMUT~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\WERMUT~1\AppData\Roaming\Thunderbird\Profiles\3yri8q6m.default\prefs.js:

Added to C:\Users\WERMUT~1\AppData\Roaming\Thunderbird\Profiles\3yri8q6m.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\?(?(8520-1533-40C5-AD09-953C574F14BCÄ(?( not found
C:\PROGRA~2\?)?)8520-1533-40C5-AD09-953C574F14BCÄ)?) not found
C:\PROGRA~2\?+?+8520-1533-40C5-AD09-953C574F14BCÄ+?+ not found
C:\PROGRA~2\?,?,8520-1533-40C5-AD09-953C574F14BCÄ,?, not found
C:\PROGRA~2\?-?-8520-1533-40C5-AD09-953C574F14BCÄ-?- not found
C:\PROGRA~2\?1?18520-1533-40C5-AD09-953C574F14BCÄ1?1 not found
C:\PROGRA~2\?2?28520-1533-40C5-AD09-953C574F14BCÄ2?2 not found
C:\PROGRA~2\?3?38520-1533-40C5-AD09-953C574F14BCÄ3?3 not found
C:\PROGRA~2\?4?48520-1533-40C5-AD09-953C574F14BCÄ4?4 not found
C:\PROGRA~2\?5?58520-1533-40C5-AD09-953C574F14BCÄ5?5 not found
C:\PROGRA~2\?F?F8520-1533-40C5-AD09-953C574F14BCÄF?F not found
C:\PROGRA~2\?G?G8520-1533-40C5-AD09-953C574F14BCÄG?G not found
C:\PROGRA~2\?K?K8520-1533-40C5-AD09-953C574F14BCÄK?K not found
C:\PROGRA~2\?L?L8520-1533-40C5-AD09-953C574F14BCÄL?L not found
C:\PROGRA~2\?q?q8520-1533-40C5-AD09-953C574F14BCÄq?q not found
C:\PROGRA~2\?r?r8520-1533-40C5-AD09-953C574F14BCÄr?r not found
C:\PROGRA~2\?w?w8520-1533-40C5-AD09-953C574F14BCÄw?w not found
C:\PROGRA~2\?_?_8520-1533-40C5-AD09-953C574F14BCÄ_?_ not found
C:\PROGRA~2\?~?~8520-1533-40C5-AD09-953C574F14BCÄ~?~ not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\??8520-1533-40C5-AD09-953C574F14BCÄ? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\?¡?¡8520-1533-40C5-AD09-953C574F14BCÄ¡?¡ not found
C:\PROGRA~2\?¨?¨8520-1533-40C5-AD09-953C574F14BCĨ?¨ not found
C:\PROGRA~2\?©?©8520-1533-40C5-AD09-953C574F14BCÄ©?© not found
C:\PROGRA~2\?«?«8520-1533-40C5-AD09-953C574F14BCÄ«?« not found
C:\PROGRA~2\?²?²8520-1533-40C5-AD09-953C574F14BCIJ?² not found
C:\PROGRA~2\?·?·8520-1533-40C5-AD09-953C574F14BCÄ·?· not found
C:\PROGRA~2\?º?º8520-1533-40C5-AD09-953C574F14BCĺ?º not found
C:\PROGRA~2\?à?à8520-1533-40C5-AD09-953C574F14BCÄà?à not found
C:\PROGRA~2\?á?á8520-1533-40C5-AD09-953C574F14BCÄá?á not found
C:\PROGRA~2\?Â?Â8520-1533-40C5-AD09-953C574F14BCÄÂ? not found
C:\PROGRA~2\?ã?ã8520-1533-40C5-AD09-953C574F14BCÄã?ã not found
C:\PROGRA~2\?ç?ç8520-1533-40C5-AD09-953C574F14BCÄç?ç not found
C:\PROGRA~2\?É?É8520-1533-40C5-AD09-953C574F14BCÄÉ?É not found
C:\PROGRA~2\?í?í8520-1533-40C5-AD09-953C574F14BCÄí?í not found
C:\PROGRA~2\?Ð?Ð8520-1533-40C5-AD09-953C574F14BCÄÐ?Ð not found
C:\PROGRA~2\?Ñ?Ñ8520-1533-40C5-AD09-953C574F14BCÄÑ?Ñ not found
C:\PROGRA~2\?Ò?Ò8520-1533-40C5-AD09-953C574F14BCÄÒ?Ò not found
C:\PROGRA~2\?Ô?Ô8520-1533-40C5-AD09-953C574F14BCÄÔ?Ô not found
C:\PROGRA~2\?õ?õ8520-1533-40C5-AD09-953C574F14BCÄõ?õ not found
C:\PROGRA~2\?Ö?Ö8520-1533-40C5-AD09-953C574F14BCÄÖ?Ö not found
C:\PROGRA~2\?ø?ø8520-1533-40C5-AD09-953C574F14BCÄø?ø not found
C:\PROGRA~2\?ý?ý8520-1533-40C5-AD09-953C574F14BCÄý?ý not found
C:\PROGRA~2\?Þ?Þ8520-1533-40C5-AD09-953C574F14BCÄÞ?Þ not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\?ÿ?ÿ8520-1533-40C5-AD09-953C574F14BCÄÿ?ÿ not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\PROGRA~2\????8520-1533-40C5-AD09-953C574F14BCÄ??? not found
C:\Users\Wermutstropfen\.android deleted
C:\Users\Wermutstropfen\AppData\Local\cache deleted
C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\system32\sasnative32.exe deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [29/04/2014 10:22]

==== Firefox Extensions ======================

ProfilePath: C:\Users\WERMUT~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default
- Amazon Search - %ProfilePath%\extensions\amazonsearch@throttled.org.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Wermutstropfen\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default
F055C91A961601B8D50EF2976145AEE6	- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll -	Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9	- C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -	Java Deployment Toolkit 7.0.550.14
63EE2015B877A2E472CC59E05291AA39	- C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll -	McAfee Security Scanner +
4BF70B35B943BD73BD6E13EB7C1BA4B3	- C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll -	Shockwave Flash
01E4DA82C518853EF3B16209C038D7B9	- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll -	RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
60F23A6CE8B9F9BE995EAACFF0022DFC	- C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll -	RealPlayer Download Plugin
A64F2C388DC26BE3E469EDC3657B14F4	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -	RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -	RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
F7AEAD4303A056F2D1685B43024776CA	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -	RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
FA0A3008589567CB7196620B05C9F28D	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -	RealDownloader Plugin
A843FC35574ECFD9E7A41C5505A9921B	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
10737B44923217BC0E67D26A9FC1F0AA	- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -	RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
2645990C521342DCD08963D2DF6CD0D2	- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -	RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
1F8FFDE82C52353906244AFDC6BAF2AB	- C:\Program Files\VLC\npvlc.dll -	VLC Web Plugin
F950066F07AD4952B291BF712BA40367	- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll -	Winamp Application Detector
AB87EEFFD18F2BAAFC274E7075EA6C67	- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
F055C91A961601B8D50EF2976145AEE6	- C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
1E5E8C84DE796A01D1D46E3A660690F1	- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
60F23A6CE8B9F9BE995EAACFF0022DFC	- c:\program files\real\realplayer\Netscape6\nprpplugin.dll -	RealPlayer Download Plugin
01E4DA82C518853EF3B16209C038D7B9	- c:\program files\real\realplayer\Netscape6\nppl3260.dll -	RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[17/10/2013 16:49]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[17/10/2013 16:50]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[17/10/2013 16:50]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[29/03/2014 01:49]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[17/10/2013 16:49]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:8118;https=127.0.0.1:8118"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Wermutstropfen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Wermutstropfen\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wermutstropfen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Wermutstropfen\AppData\Local\Mozilla\Firefox\Profiles\gwmqlo6e.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=202 folders=22 3665442 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Wermutstropfen\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\WERMUT~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Wermutstropfen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 25/05/2014 at 20:57:43.99 ======================
         
5. FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-05-2014
Ran by Wermutstropfen (administrator) on WERMUT-LAPTOP on 25-05-2014 21:13:09
Running from C:\Users\Wermutstropfen\Desktop
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Reimage®) C:\Program Files\AntiToolbar\ReiGuard.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Simpo Technologies) C:\Program Files\Simpo PDF Creator Lite\SpcLiteSrv.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHFE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\Wermutstropfen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(OpenOffice.org) C:\Program Files\OpenOffice\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice\program\soffice.bin
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMONTools\DiscSoftBusService.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Simpo PDF Creator Lite Server] => C:\Program Files\Simpo PDF Creator Lite\SpcLiteSrv.exe [101376 2010-08-18] (Simpo Technologies)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-06-20] (RealNetworks, Inc.)
HKLM\...\Run: [VirtualDrive] => C:\Program Files\FarStone\VirtualDrive\VDTask.exe [682584 2011-12-20] (FarStone Technology Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-766344687-1236243651-3856011510-1000\...\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] => 0
HKU\S-1-5-21-766344687-1236243651-3856011510-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMONTools\DTAgent.exe [3088448 2013-03-06] (Disc Soft Ltd)
HKU\S-1-5-21-766344687-1236243651-3856011510-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHFE.EXE [220800 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-766344687-1236243651-3856011510-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-766344687-1236243651-3856011510-1000\...\Run: [Amazon Cloud Player] => C:\Users\Wermutstropfen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB02BDD745910CD01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: MSS+ Identifier - ##TOOLBAR_DISABLED_##{0e8a89ad-95d7-40eb-8d9d-083ef7066a01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Shopping Helper Smartbar - ##TOOLBAR_DISABLED_##{ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wermutstropfen\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Wermutstropfen\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default\searchplugins\ixquick-https---uk.xml
FF SearchPlugin: C:\Users\Wermutstropfen\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default\searchplugins\memory-alpha-en.xml
FF SearchPlugin: C:\Users\Wermutstropfen\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default\searchplugins\wiktionary-de.xml
FF Extension: Amazon Search - C:\Users\Wermutstropfen\AppData\Roaming\Mozilla\Firefox\Profiles\gwmqlo6e.default\Extensions\amazonsearch@throttled.org.xpi [2014-05-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-20]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-29]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-29]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-29]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-29]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-29]

========================== Services (Whitelisted) =================

R2 AntiToolbarProtector; C:\Program Files\AntiToolbar\ReiGuard.exe [4032352 2014-04-28] (Reimage®)
S3 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R3 Disc Soft Bus Service; C:\Program Files\DAEMONTools\DiscSoftBusService.exe [580672 2013-03-06] (Disc Soft Ltd)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2013-06-04] (Disc Soft Ltd)
R3 fcdabus; C:\Windows\System32\DRIVERS\fcdabus.sys [18448 2008-10-29] (FarStone Inc.)
R0 FVXSCSI; C:\Windows\System32\DRIVERS\fvxscsi.sys [88024 2009-12-23] (FarStone Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-03-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-03-29] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-03-29] (Kaspersky Lab ZAO)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-29] (Kaspersky Lab ZAO)
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 21:13 - 2014-05-25 21:13 - 00015930 _____ () C:\Users\Wermutstropfen\Desktop\FRST.txt
2014-05-25 21:12 - 2014-05-25 21:12 - 00020070 _____ () C:\Users\Wermutstropfen\Desktop\zoek-results.txt
2014-05-25 20:35 - 2014-05-25 20:16 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-25 20:20 - 2014-05-25 20:57 - 00020070 _____ () C:\zoek-results.log
2014-05-25 20:16 - 2014-05-25 20:33 - 00000000 ____D () C:\zoek_backup
2014-05-25 20:09 - 2014-05-25 20:20 - 00003662 _____ () C:\Users\Wermutstropfen\Desktop\Anweisungen.txt
2014-05-25 20:08 - 2014-05-25 20:08 - 01285120 _____ () C:\Users\Wermutstropfen\Desktop\zoek.exe
2014-05-25 20:07 - 2014-05-25 20:07 - 00004152 _____ () C:\Users\Wermutstropfen\Desktop\MBAM.txt
2014-05-25 16:40 - 2014-05-25 20:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 16:40 - 2014-05-25 16:40 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-25 16:40 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 16:40 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 16:40 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-25 16:38 - 2014-05-25 16:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wermutstropfen\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-25 16:36 - 2014-05-25 16:36 - 00001396 _____ () C:\Users\Wermutstropfen\Desktop\JRT.txt
2014-05-25 16:32 - 2014-05-25 16:32 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 16:27 - 2014-05-25 16:27 - 01016261 _____ (Thisisu) C:\Users\Wermutstropfen\Desktop\JRT.exe
2014-05-25 16:24 - 2014-05-25 16:24 - 00015791 _____ () C:\Users\Wermutstropfen\Desktop\AdwCleaner[S0].txt
2014-05-25 16:19 - 2014-05-25 16:19 - 00000000 ____D () C:\AdwCleaner
2014-05-25 16:18 - 2014-05-25 16:18 - 01326389 _____ () C:\Users\Wermutstropfen\Desktop\adwcleaner_3.210.exe
2014-05-24 20:37 - 2014-05-24 20:06 - 00015106 _____ () C:\Users\Wermutstropfen\Desktop\ComboFix.txt
2014-05-24 20:06 - 2014-05-24 20:06 - 00015106 _____ () C:\ComboFix.txt
2014-05-24 19:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-24 19:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-24 19:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-24 19:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-24 19:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-24 19:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-24 19:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-24 19:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-24 19:29 - 2014-05-24 20:06 - 00000000 ____D () C:\Qoobox
2014-05-24 19:29 - 2014-05-24 20:06 - 00000000 ____D () C:\ComboFix
2014-05-24 19:27 - 2014-05-24 20:04 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 18:57 - 2014-05-24 18:58 - 05200426 ____R (Swearware) C:\Users\Wermutstropfen\Desktop\ComboFix.exe
2014-05-24 10:33 - 2014-05-24 10:33 - 00380416 _____ () C:\Users\Wermutstropfen\Desktop\vnn5r04r.exe
2014-05-24 10:17 - 2014-05-24 10:19 - 00037458 _____ () C:\Users\Wermutstropfen\Desktop\old_Addition.txt
2014-05-24 10:15 - 2014-05-25 21:13 - 00000000 ____D () C:\FRST
2014-05-24 10:15 - 2014-05-24 10:19 - 00041918 _____ () C:\Users\Wermutstropfen\Desktop\old_FRST.txt
2014-05-24 10:14 - 2014-05-24 10:14 - 01056768 _____ (Farbar) C:\Users\Wermutstropfen\Desktop\FRST.exe
2014-05-24 10:11 - 2014-05-24 16:49 - 00006846 _____ () C:\Users\Wermutstropfen\Desktop\defogger_disable.log
2014-05-24 10:11 - 2014-05-24 10:11 - 00000000 _____ () C:\Users\Wermutstropfen\defogger_reenable
2014-05-24 10:09 - 2014-05-24 10:09 - 00050477 _____ () C:\Users\Wermutstropfen\Desktop\Defogger.exe
2014-05-14 16:01 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 16:01 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 16:01 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 15:27 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-09 09:58 - 2014-05-09 09:58 - 00000000 ____D () C:\ProgramData\CDB
2014-05-09 09:57 - 2014-05-09 09:59 - 00000000 ____D () C:\ProgramData\AntiToolbar
2014-05-09 09:57 - 2014-05-09 09:59 - 00000000 ____D () C:\Program Files\AntiToolbar
2014-05-09 09:57 - 2014-05-09 09:58 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-09 09:57 - 2014-05-09 09:57 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Local\MFAData
2014-05-09 09:57 - 2014-05-09 09:57 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Local\Avg2013
2014-05-09 09:57 - 2014-05-09 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiToolbar
2014-05-09 09:55 - 2014-05-09 09:55 - 00684776 _____ (Reimage®) C:\Users\Wermutstropfen\Downloads\AntiToolbar03.exe
2014-05-08 22:42 - 2014-05-08 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-08 22:42 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-08 22:42 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-08 22:42 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-08 22:42 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-08 22:39 - 2014-05-08 22:42 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-07 21:12 - 2014-05-07 21:12 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-07 20:34 - 2014-05-07 20:34 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-07 20:34 - 2014-05-07 20:34 - 00000000 _____ () C:\Users\Wermutstropfen\Downloads\Firefox Setup Stub 29_0_exe (1).5ur9ay3.partial
2014-05-07 20:22 - 2014-05-07 20:22 - 00000000 _____ () C:\Users\Wermutstropfen\Downloads\Firefox Setup Stub 29_0_exe.6fr75ny.partial
2014-05-07 20:16 - 2014-05-07 20:35 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Roaming\Mozilla
2014-05-04 23:19 - 2014-05-04 23:19 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-05-04 23:19 - 2014-05-04 23:19 - 00000000 ____D () C:\sh4ldr
2014-05-04 23:16 - 2014-05-05 21:38 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-05-04 23:16 - 2014-05-04 23:16 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-05-04 23:13 - 2014-05-04 23:13 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Wermutstropfen\Downloads\SpyHunter-Installer.exe
2014-05-03 19:41 - 2014-05-03 19:42 - 18985347 _____ () C:\Users\Wermutstropfen\Downloads\cursmon1.zip
2014-05-03 19:29 - 2014-05-03 19:29 - 02271256 _____ () C:\Users\Wermutstropfen\Downloads\The_Curse_Of_Monkey_Island.exe
2014-05-03 19:15 - 2014-05-03 19:15 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Roaming\Wise
2014-04-30 17:59 - 2014-04-30 18:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-05-25 21:13 - 2014-05-25 21:13 - 00015930 _____ () C:\Users\Wermutstropfen\Desktop\FRST.txt
2014-05-25 21:13 - 2014-05-24 10:15 - 00000000 ____D () C:\FRST
2014-05-25 21:12 - 2014-05-25 21:12 - 00020070 _____ () C:\Users\Wermutstropfen\Desktop\zoek-results.txt
2014-05-25 21:10 - 2006-11-02 14:46 - 00004432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 21:10 - 2006-11-02 14:46 - 00004432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 21:00 - 2006-11-02 14:51 - 01300020 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 20:57 - 2014-05-25 20:20 - 00020070 _____ () C:\zoek-results.log
2014-05-25 20:40 - 2012-03-24 18:12 - 00020440 _____ () C:\Windows\PFRO.log
2014-05-25 20:40 - 2006-11-02 15:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 20:39 - 2006-11-02 15:00 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-25 20:33 - 2014-05-25 20:16 - 00000000 ____D () C:\zoek_backup
2014-05-25 20:20 - 2014-05-25 20:09 - 00003662 _____ () C:\Users\Wermutstropfen\Desktop\Anweisungen.txt
2014-05-25 20:16 - 2014-05-25 20:35 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-25 20:08 - 2014-05-25 20:08 - 01285120 _____ () C:\Users\Wermutstropfen\Desktop\zoek.exe
2014-05-25 20:07 - 2014-05-25 20:07 - 00004152 _____ () C:\Users\Wermutstropfen\Desktop\MBAM.txt
2014-05-25 20:03 - 2014-05-25 16:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 20:00 - 2013-03-23 22:12 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-25 19:58 - 2006-11-02 14:35 - 00000000 ____D () C:\Windows\ShellNew
2014-05-25 16:40 - 2014-05-25 16:40 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-25 16:38 - 2014-05-25 16:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wermutstropfen\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-25 16:36 - 2014-05-25 16:36 - 00001396 _____ () C:\Users\Wermutstropfen\Desktop\JRT.txt
2014-05-25 16:36 - 2014-03-29 18:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-25 16:32 - 2014-05-25 16:32 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 16:27 - 2014-05-25 16:27 - 01016261 _____ (Thisisu) C:\Users\Wermutstropfen\Desktop\JRT.exe
2014-05-25 16:24 - 2014-05-25 16:24 - 00015791 _____ () C:\Users\Wermutstropfen\Desktop\AdwCleaner[S0].txt
2014-05-25 16:22 - 2006-11-02 14:46 - 00369584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-25 16:19 - 2014-05-25 16:19 - 00000000 ____D () C:\AdwCleaner
2014-05-25 16:19 - 2012-03-20 12:36 - 00000997 _____ () C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-25 16:18 - 2014-05-25 16:18 - 01326389 _____ () C:\Users\Wermutstropfen\Desktop\adwcleaner_3.210.exe
2014-05-25 16:14 - 2012-03-20 12:36 - 00068136 _____ () C:\Users\Wermutstropfen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-24 22:29 - 2014-04-04 20:24 - 00000000 ____D () C:\Users\Wermutstropfen\Documents\Star Trek
2014-05-24 22:26 - 2006-11-02 14:35 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-24 20:06 - 2014-05-24 20:37 - 00015106 _____ () C:\Users\Wermutstropfen\Desktop\ComboFix.txt
2014-05-24 20:06 - 2014-05-24 20:06 - 00015106 _____ () C:\ComboFix.txt
2014-05-24 20:06 - 2014-05-24 19:29 - 00000000 ____D () C:\Qoobox
2014-05-24 20:06 - 2014-05-24 19:29 - 00000000 ____D () C:\ComboFix
2014-05-24 20:06 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-24 20:06 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-24 20:04 - 2014-05-24 19:27 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 20:00 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-24 19:56 - 2006-11-02 12:22 - 70516736 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-24 19:56 - 2006-11-02 12:22 - 36700160 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-24 19:56 - 2006-11-02 12:22 - 36700160 _____ () C:\Windows\system32\config\COMPON~1.bak
2014-05-24 19:56 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-24 19:56 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-24 19:56 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-24 18:58 - 2014-05-24 18:57 - 05200426 ____R (Swearware) C:\Users\Wermutstropfen\Desktop\ComboFix.exe
2014-05-24 16:49 - 2014-05-24 10:11 - 00006846 _____ () C:\Users\Wermutstropfen\Desktop\defogger_disable.log
2014-05-24 12:04 - 2013-09-16 20:48 - 00000529 __RSH () C:\Windows\system32\VFsRegister
2014-05-24 10:33 - 2014-05-24 10:33 - 00380416 _____ () C:\Users\Wermutstropfen\Desktop\vnn5r04r.exe
2014-05-24 10:19 - 2014-05-24 10:17 - 00037458 _____ () C:\Users\Wermutstropfen\Desktop\old_Addition.txt
2014-05-24 10:19 - 2014-05-24 10:15 - 00041918 _____ () C:\Users\Wermutstropfen\Desktop\old_FRST.txt
2014-05-24 10:14 - 2014-05-24 10:14 - 01056768 _____ (Farbar) C:\Users\Wermutstropfen\Desktop\FRST.exe
2014-05-24 10:11 - 2014-05-24 10:11 - 00000000 _____ () C:\Users\Wermutstropfen\defogger_reenable
2014-05-24 10:09 - 2014-05-24 10:09 - 00050477 _____ () C:\Users\Wermutstropfen\Desktop\Defogger.exe
2014-05-24 00:19 - 2013-11-10 22:19 - 00000040 _____ () C:\Users\Wermutstropfen\AppData\Roaming\WB.CFG
2014-05-23 11:48 - 2012-04-02 15:50 - 00000000 ____D () C:\Users\Wermutstropfen\Documents\Jobcenter
2014-05-20 21:41 - 2013-05-05 19:52 - 00000000 ____D () C:\Games
2014-05-20 15:16 - 2012-04-22 18:56 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Roaming\ICQ
2014-05-15 22:03 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 12:18 - 2012-04-23 10:12 - 00000000 ____D () C:\Users\Wermutstropfen\Documents\Nachhilfe Orga
2014-05-14 21:16 - 2013-08-14 19:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 16:14 - 2006-11-02 12:33 - 01583198 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-14 16:03 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-14 15:16 - 2012-03-27 23:25 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-12 07:26 - 2014-05-25 16:40 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-25 16:40 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-25 16:40 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 09:59 - 2014-05-09 09:57 - 00000000 ____D () C:\ProgramData\AntiToolbar
2014-05-09 09:59 - 2014-05-09 09:57 - 00000000 ____D () C:\Program Files\AntiToolbar
2014-05-09 09:58 - 2014-05-09 09:58 - 00000000 ____D () C:\ProgramData\CDB
2014-05-09 09:58 - 2014-05-09 09:57 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-09 09:57 - 2014-05-09 09:57 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Local\MFAData
2014-05-09 09:57 - 2014-05-09 09:57 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Local\Avg2013
2014-05-09 09:57 - 2014-05-09 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiToolbar
2014-05-09 09:55 - 2014-05-09 09:55 - 00684776 _____ (Reimage®) C:\Users\Wermutstropfen\Downloads\AntiToolbar03.exe
2014-05-08 22:43 - 2013-10-17 09:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-08 22:42 - 2014-05-08 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-08 22:42 - 2014-05-08 22:39 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-08 22:42 - 2013-08-12 19:09 - 00000000 ____D () C:\Program Files\Java
2014-05-08 22:25 - 2014-01-29 12:25 - 00921512 _____ (Oracle Corporation) C:\Users\Wermutstropfen\Downloads\jxpiinstall.exe
2014-05-07 21:12 - 2014-05-07 21:12 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-07 20:35 - 2014-05-07 20:16 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Roaming\Mozilla
2014-05-07 20:34 - 2014-05-07 20:34 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-07 20:34 - 2014-05-07 20:34 - 00000000 _____ () C:\Users\Wermutstropfen\Downloads\Firefox Setup Stub 29_0_exe (1).5ur9ay3.partial
2014-05-07 20:34 - 2012-03-23 13:47 - 16000760 _____ (Mozilla) C:\Users\Wermutstropfen\Downloads\Firefox Setup 11.0.exe
2014-05-07 20:22 - 2014-05-07 20:22 - 00000000 _____ () C:\Users\Wermutstropfen\Downloads\Firefox Setup Stub 29_0_exe.6fr75ny.partial
2014-05-06 01:32 - 2014-05-14 16:01 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-14 16:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-14 16:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 21:38 - 2014-05-04 23:16 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-05-04 23:19 - 2014-05-04 23:19 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-05-04 23:19 - 2014-05-04 23:19 - 00000000 ____D () C:\sh4ldr
2014-05-04 23:16 - 2014-05-04 23:16 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-05-04 23:13 - 2014-05-04 23:13 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Wermutstropfen\Downloads\SpyHunter-Installer.exe
2014-05-04 22:19 - 2012-05-11 15:51 - 00000000 ____D () C:\Users\Wermutstropfen\Documents\Spaßkasse
2014-05-03 19:42 - 2014-05-03 19:41 - 18985347 _____ () C:\Users\Wermutstropfen\Downloads\cursmon1.zip
2014-05-03 19:29 - 2014-05-03 19:29 - 02271256 _____ () C:\Users\Wermutstropfen\Downloads\The_Curse_Of_Monkey_Island.exe
2014-05-03 19:18 - 2013-07-10 22:32 - 00262144 _____ () C:\Windows\system32\config\elam
2014-05-03 19:15 - 2014-05-03 19:15 - 00000000 ____D () C:\Users\Wermutstropfen\AppData\Roaming\Wise
2014-05-02 10:48 - 2012-04-01 11:10 - 00000000 ____D () C:\Users\Wermutstropfen\Documents\Mathematik
2014-04-30 19:49 - 2012-04-26 13:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 18:05 - 2014-04-30 17:59 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-25 21:00

==================== End Of Log ============================
--- --- ---

--- --- ---


6. FRST - Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-05-2014
Ran by Wermutstropfen at 2014-05-25 21:13:59
Running from C:\Users\Wermutstropfen\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
AntiToolbar (HKLM\...\AntiToolbar) (Version: 1.0.0.8 - Reimage)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Beneath a Steel Sky (HKLM\...\Beneath a Steel Sky) (Version: Release 8 - )
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Canon RAW Codec (HKLM\...\Canon RAW Codec) (Version: 1.8.0.68 - Canon Inc.)
Cisco EAP-FAST Module (HKLM\...\{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}) (Version: 2.2.9 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{934B3B19-8193-467A-B356-E73F82647D38}) (Version: 1.0.15 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{BAD1449B-DF0C-4118-B76D-68C54009576C}) (Version: 1.1.2 - Cisco Systems, Inc.)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 1.0.0.0068 - Disc Soft Ltd)
DVDx 4.0 Open Edition (HKLM\...\DVDx 4.0 Open Edition) (Version: 4.0 (Open Edition) - labDV)
EOSMSG (HKLM\...\{C68EB8C6-FFCC-42A8-B509-18B331E220F7}) (Version: 4.0.0 - www.eosmsg.com)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WP-4525 Series Printer Uninstall (HKLM\...\EPSON WP-4525 Series) (Version:  - SEIKO EPSON Corporation)
Free Pascal 2.6.0 (HKLM\...\FreePascal_is1) (Version:  - Free Pascal Team)
Geany 1.22 (HKLM\...\Geany) (Version: 1.22 - The Geany developer team)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
GSview 4.9 (HKLM\...\GSview 4.9) (Version:  - )
Heroes II - The Price of Loyalty Bundle (HKLM\...\Heroes II - The Price of Loyalty) (Version:  - )
Heroes of Might & Magic V: Hammers of Fate (HKLM\...\{66FF4C48-0083-4E60-8556-B883AB200091}) (Version:  - )
Heroes of Might and Magic IV: Winds of War (HKLM\...\Heroes of Might and Magic IV) (Version:  - )
Heroes of Might and Magic V (HKLM\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version:  - )
Heroes of Might and Magic® III Complete (HKLM\...\Heroes of Might and Magic® III) (Version:  - )
High-Definition Video Playback (Version: 11.1.11100.4.196 - Nero AG) Hidden
ICQ7.7 (HKLM\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
InetStat (HKCU\...\InetStat) (Version: 0.4 - InetStat)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LECTURNITY Player (HKLM\...\{8624888C-A959-45A5-98F4-292E956325EA}) (Version: 4.0.0000 - imc AG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maniac Mansion Deluxe (HKLM\...\Maniac Mansion Deluxe) (Version:  - )
Maple 15 (HKLM\...\Maple 15) (Version: 15.0.0.0 - Maplesoft)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MiKTeX 2.8 (HKLM\...\MiKTeX 2.8) (Version: 2.8 - MiKTeX.org)
Monkey Island (HKLM\...\{26D1AA3E-36F2-4E2E-BBF5-FFBBE9D7B766}) (Version: 1 - XeonKing©)
Monkey Island 2 (HKLM\...\{E86BFD65-8287-4FF2-BC7D-808E70417A48}) (Version: 2 - XeonKing©)
Mozilla Firefox 11.0 (x86 de) (HKLM\...\Mozilla Firefox 11.0 (x86 de)) (Version: 11.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\MPEG4E) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Core Components 11 (Version: 11.0.16000.1.20 - Nero AG) Hidden
Nero Kwik Media (HKLM\...\{20F71B17-008C-43B4-8097-58FB62EA7AB8}) (Version: 11.0.17100 - Nero AG)
Nero Kwik Media (Version: 1.10.24800.146.100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (Version: 11.0.10200 - Nero AG) Hidden
Nero Update (Version: 11.0.11500.28.0 - Nero AG) Hidden
nero.prerequisites.msi (Version: 11.0.20010 - Nero AG) Hidden
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
QSopt Version 1.0 (HKLM\...\QSopt1.0_is1) (Version: 1.0 - QSopt)
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 4.19 - Philipp Winterberg)
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
ScummVM 0.9.0 (HKLM\...\ScummVM_is1) (Version:  - )
Shopping Helper Smartbar (HKLM\...\{B2A302E7-8FA4-4585-AB7F-12C4DEBC0D32}) (Version: 11.44.63.16736 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKCU\...\{4712356b-5e5e-4025-a33e-ececdaf1d5e2}) (Version: 11.44.63.16736 - ReSoft Ltd.) <==== ATTENTION
Simpo PDF Creator Lite 3.1.1.0 (HKLM\...\Simpo PDF Creator Lite_is1) (Version:  - )
Skype™ 6.5 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.5.158 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{AF549236-6258-4AC6-A043-5B5B89C6EB61}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
System Update kb70007 (Version: 1.0.0 - MSR) Hidden
TeXnicCenter Version 1.0 Stable RC1 (HKLM\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
The Curse of Monkey Island (HKLM\...\{D54F139D-A524-49DB-A543-B5926682323F}) (Version: 3 - XeonKing©)
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version:  - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
VirtualDrive Pro (HKLM\...\{D5BB0907-4BB0-46A3-AA68-0173D111058D}) (Version:  - )
VirtualDrive Pro (HKLM\...\{EEE22184-B53C-4B87-9F5B-53638160B966}) (Version: 14.00 - FarStone Technology Inc.)
Vision Double Feature (HKLM\...\Vision Double Feature) (Version:  - )
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
Windows-Soundschemas (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)

==================== Restore Points  =========================

02-05-2014 18:56:02 Geplanter Prüfpunkt
03-05-2014 19:35:06 Windows Update
04-05-2014 21:16:40 Installed SpyHunter
05-05-2014 19:37:11 Removed SpyHunter
08-05-2014 20:36:09 Installed Java 7 Update 55
08-05-2014 21:40:39 Windows Update
14-05-2014 14:00:25 Windows Update
25-05-2014 18:20:12 zoek.exe restore point

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-05-24 20:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03CA5F47-18C2-432C-8928-A62938B68656} - System32\Tasks\{D6371849-DB58-4A57-9CDA-6B8E87631CC0} => Firefox.exe hxxp://ui.skype.com/ui/0/6.5.0.158/de/eula?source=lightinstaller
Task: {075F7B0C-8858-426A-81EA-5161F4D13E82} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {08E4B430-412D-445D-B2B9-133D1A1E06B1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-766344687-1236243651-3856011510-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {15F1B85D-EE16-4D04-93DC-72A393EE9B7D} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {22887D00-5E43-4EE3-9123-9DEC0A920409} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-766344687-1236243651-3856011510-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {36C11FD1-841D-4B06-9FE9-E1847AE1EC9F} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {49FD4271-77CB-4038-A72B-21596A61C5F7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-766344687-1236243651-3856011510-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {5A6D9831-D95C-4713-B4E9-F03D1644498F} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {852C63CB-634F-46EC-96DD-B08438C5F502} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {8DE15368-6411-498C-94C5-36B306880D57} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {A086AC24-219A-4CC6-9648-314AF5626D34} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {D01FDC5C-9876-4AD3-BE21-A533B4195807} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-766344687-1236243651-3856011510-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {D4A1BDBD-42EC-4320-B5D8-D33CA58EE716} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-766344687-1236243651-3856011510-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {DAD2D7A9-844D-4223-823E-7A7D8A40EBD7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E8E88318-CC7E-4D4D-9B17-1331A620C8A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-766344687-1236243651-3856011510-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {EBCADB90-DC3F-451E-B045-172A24E1EB54} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-766344687-1236243651-3856011510-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)

==================== Loaded Modules (whitelisted) =============

2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-12 15:12 - 2014-03-07 22:39 - 03168576 _____ () C:\Users\Wermutstropfen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2011-01-17 16:19 - 2012-03-27 15:30 - 00985088 _____ () C:\Program Files\OpenOffice\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Atheros AR5B91 Wireless Network Adapter
Description: Atheros AR5B91 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2014 08:00:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (05/25/2014 08:47:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (05/25/2014 08:41:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (05/25/2014 08:41:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/25/2014 08:32:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/25/2014 08:32:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/25/2014 08:32:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/25/2014 08:32:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/25/2014 08:32:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/25/2014 08:13:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (05/25/2014 08:13:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (05/25/2014 08:00:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe


CodeIntegrity Errors:
===================================
  Date: 2014-05-25 21:13:52.636
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" could not be verified because the set of per-page image hashes was not found on the system.

  Date: 2014-05-25 21:13:52.386
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" could not be verified because the set of per-page image hashes was not found on the system.

  Date: 2014-05-25 21:13:52.121
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" could not be verified because the set of per-page image hashes was not found on the system.

  Date: 2014-05-25 21:13:51.856
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" could not be verified because the set of per-page image hashes was not found on the system.

  Date: 2014-05-25 21:13:51.591
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" could not be verified because the set of per-page image hashes was not found on the system.

  Date: 2014-05-25 21:13:51.341
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" could not be verified because the set of per-page image hashes was not found on the system.

  Date: 2014-05-25 21:13:51.076
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" could not be verified because the set of per-page image hashes was not found on the system.

  Date: 2014-05-25 21:13:50.780
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" could not be verified because the set of per-page image hashes was not found on the system.

  Date: 2014-05-25 21:13:50.358
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" could not be verified because the set of per-page image hashes was not found on the system.

  Date: 2014-05-25 21:13:50.093
  Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" could not be verified because the set of per-page image hashes was not found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 2999.9 MB
Available physical RAM: 2030.66 MB
Total Pagefile: 6241.98 MB
Available Pagefile: 5421.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.21 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:140.71 GB) (Free:24.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: A8F16AE4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=141 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Thanks & regards
Felix
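The log above ends with two record types that are worth pulling out mechanically when reviewing an FRST Addition.txt: the Service Control Manager errors (with their event IDs) and the CodeIntegrity entries naming driver images whose per-page hash set was missing. The following Python parser is an added example and not part of the original post or of FRST itself; the sample input is a constructed excerpt of the lines posted above, the function and constant names are mine, and the event-ID meanings come from the documented Windows Service Control Manager event texts.

```python
import re
from collections import Counter

# Constructed excerpt of the FRST Addition.txt tail posted above (not a live capture).
SAMPLE_LOG = r'''Error: (05/25/2014 08:32:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/25/2014 08:13:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (05/25/2014 08:13:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


CodeIntegrity Errors:
===================================
  Date: 2014-05-25 21:13:52.636
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 21:13:52.386
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 21:13:50.358
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
'''

# Documented meanings of the Service Control Manager event IDs that appear in the log.
SCM_EVENT_MEANING = {
    7000: "service failed to start",
    7026: "boot-start or system-start driver failed to load",
    7030: "service is marked interactive but interactive services are not allowed",
}

SCM_RE = re.compile(
    r"^Error: \((?P<time>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)\r?\n"
    r"Description: (?P<desc>.*)$",
    re.MULTILINE,
)

# CodeIntegrity entries: the message text is localized (German here), so only the
# timestamp and the quoted NT path are matched, which works for any UI language.
CI_RE = re.compile(
    r'^\s*Date: (?P<date>[^\r\n]+)\r?\n\s*Description: [^"\n]*"(?P<path>[^"]+)"',
    re.MULTILINE,
)


def parse_scm_errors(text):
    """Return one dict per Service Control Manager error record."""
    out = []
    for m in SCM_RE.finditer(text):
        eid = int(m.group("eid"))
        # FRST appends the Win32 message-table code (e.g. %%1058) to the description.
        desc, _, code = m.group("desc").partition("%%")
        out.append({
            "time": m.group("time"),
            "source": m.group("source"),
            "event_id": eid,
            "name": desc.strip(),
            "status_code": int(code) if code else None,
            "meaning": SCM_EVENT_MEANING.get(eid, "unknown event id"),
        })
    return out


def parse_code_integrity(text):
    """Return (timestamp, nt_path) pairs for every CodeIntegrity error."""
    return [(m.group("date"), m.group("path")) for m in CI_RE.finditer(text)]


def drivers_failing_integrity(text):
    """Count how often each driver image failed the per-page hash check."""
    return Counter(path.rsplit("\\", 1)[-1].lower()
                   for _, path in parse_code_integrity(text))


if __name__ == "__main__":
    for rec in parse_scm_errors(SAMPLE_LOG):
        print(f"{rec['time']}  {rec['event_id']}  {rec['name']!r}: {rec['meaning']}")
    for drv, n in drivers_failing_integrity(SAMPLE_LOG).most_common():
        print(f"{n:3d} x {drv}")
```

The CodeIntegrity regex deliberately matches only the quoted path, so the same parser works on logs from English or German systems. A missing per-page hash set means that particular kernel check could not verify the image; it is a prompt to check the file's Authenticode signature separately, not evidence of tampering on its own.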