Pests of all kinds and how to combat them: Windows Vista => Windows Version Installer
08.07.2014, 15:29 | #1 |
Hello, I have the following problem: an installation window titled "Windows Version Installer" keeps opening on my PC, and the PC has also been very slow since then. All browsers have become very slow as well, and various advertising pop-ups open. Can you help me with this? ==> What should I provide you with for that? Various logs or the like? Many thanks in advance. Regards
08.07.2014, 15:44 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and

Do you have any other logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly, spread over several posts if necessary. To put the log files in a CODE box, proceed as follows:
08.07.2014, 16:55 | #3 |
Here is the FRST log file.
FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by Helweg (administrator) on HELWEG-PC on 08-07-2014 17:43:24 Running from C:\Users\Helweg\Desktop Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () C:\Program Files (x86)\Pirrit\AutoUpdater.exe () C:\Program Files (x86)\ConstaSurf\updateConstaSurf.exe (PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Fujitsu Siemens Computers GmbH) C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe () C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe () C:\Users\Helweg\AppData\Roaming\VOPackage\VOsrv.exe () C:\Program Files (x86)\WinRST\WinRST.exe (Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe () C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.BrowserAdapter.exe () C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.PurBrowse64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-06] (Realtek Semiconductor Corp.) HKLM-x32\...\Run: [EnergySettings] => C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe [113664 2008-09-19] (Fujitsu Siemens Computers GmbH) HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-08-21] (Google Inc.) 
HKU\.DEFAULT\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2287802022-4268522758-2682476950-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation) HKU\S-1-5-21-2287802022-4268522758-2682476950-1000\...\MountPoints2: {1d819712-e56f-11de-a609-002421113cb2} - D:\LaunchU3.exe -a HKU\S-1-5-21-2287802022-4268522758-2682476950-1000\...\MountPoints2: {b3056f58-f81e-11dd-b4d8-806e6f6e6963} - F:\Autorun.exe HKU\S-1-5-21-2287802022-4268522758-2682476950-1005\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [220992 2014-06-26] (Client Connect LTD) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [182080 2014-06-26] (Client Connect LTD) Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5C97GjXn1WpZ8nmVy1X5L434aDZ1DYHciMR7xDaT0XQVO9jVD1tI8oigqz6SS7AaGVKu6Q001nhymEycOvFS34kAiVhtFCkN9w0eczA3sLlyUT5FAxqXD2xWE9jZCG3Grq-LqvjzI1ayVEZ01qtcM9A,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5C97GjXn1WpZ8nmVy1X5L434aDZ1DYHciMR7xDaT0XQVO9jVD1tI8oigqz6SS7AaGVKu6Q001nhymEycOvFS34kAiVhtFCkN9w0eczA3sLlyUT5FAxqXD2xWE9jZCG3Grq-LqvjzI1ayVEZ01qtcM9A,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_cmi_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyEtD0F0FyDzztGyEyDyCyEtGtB0AyD0AtGzyzztCtAtGtBtAyC0D0F0ByD0EyC0ByC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=152376170&ir= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://istart.webssearches.com/web/?type=ds&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_cmi_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyEtD0F0FyDzztGyEyDyCyEtGtB0AyD0AtGzyzztCtAtGtBtAyC0D0F0ByD0EyC0ByC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=152376170&ir= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C&q={searchTerms} URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DtB0AtAyD0E0EtGtC0AtAyEtG0FtC0ByCtG0F0BzztBtGyC0D0B0DtDzz0C0CzyyByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=429708093&ir= SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DtB0AtAyD0E0EtGtC0AtAyEtG0FtC0ByCtG0F0BzztBtGyC0D0B0DtDzz0C0CzyyByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=429708093&ir= SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5C97GjXn1WpZ8nmVy1X5L434aDZ1DYHciMR7xDaT0XQVO9jVD1tI8oigqz6SS7AaGVKu6Q001nhymEycOvFS34kAiVhtFCkN9w0eczA3sLlyUT5FAxqXD2xWE9jZCG3BtPCKu0xKCdep-pQ9kig1zg,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5C97GjXn1WpZ8nmVy1X5L434aDZ1DYHciMR7xDaT0XQVO9jVD1tI8oigqz6SS7AaGVKu6Q001nhymEycOvFS34kAiVhtFCkN9w0eczA3sLlyUT5FAxqXD2xWE9jZCG3BtPCKu0xKCdep-pQ9kig1zg,,&q={searchTerms} SearchScopes: HKLM-x32 - {13DD0DAB-E201-4CFE-9FFF-82D9607E48ED} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=7b68cb00-f73a-11e0-bed2-002421113cb2&q={searchTerms} SearchScopes: HKLM-x32 - {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKLM-x32 - {B02CF801-09A6-4D54-8304-7241DB4CA721} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=7b68cb00-f73a-11e0-bed2-002421113cb2&q={searchTerms} SearchScopes: HKLM-x32 - {B83FFEF7-264A-45BA-8862-3CDCC5F6509D} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=7b68cb00-f73a-11e0-bed2-002421113cb2&q={searchTerms} SearchScopes: HKLM-x32 - {CD8517E8-4747-4ABB-A56B-D2B728494DBB} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=7b68cb00-f73a-11e0-bed2-002421113cb2&q={searchTerms} 
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5C97GjXn1WpZ8nmVy1X5L434aDZ1DYHciMR7xDaT0XQVO9jVD1tI8oigqz6SS7AaGVKu6Q001nhymEycOvFS34kAiVhtFCkN9w0eczA3sLlyUT5FAxqXD2xWE9jZCG3Grq-LqvjzI1ayVEZ01qtcM9A,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5C97GjXn1WpZ8nmVy1X5L434aDZ1DYHciMR7xDaT0XQVO9jVD1tI8oigqz6SS7AaGVKu6Q001nhymEycOvFS34kAiVhtFCkN9w0eczA3sLlyUT5FAxqXD2xWE9jZCG3Grq-LqvjzI1ayVEZ01qtcM9A,&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0CA5C2A4-FC7B-42AC-B2BE-F76A4326CE57} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyEtD0F0FyDzztGyEyDyCyEtGtB0AyD0AtGzyzztCtAtGtBtAyC0D0F0ByD0EyC0ByC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=152376170&ir= SearchScopes: HKCU - {13DD0DAB-E201-4CFE-9FFF-82D9607E48ED} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=7b68cb00-f73a-11e0-bed2-002421113cb2&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DtB0AtAyD0E0EtGtC0AtAyEtG0FtC0ByCtG0F0BzztBtGyC0D0B0DtDzz0C0CzyyByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=429708093&ir= SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKCU - {B02CF801-09A6-4D54-8304-7241DB4CA721} URL = SearchScopes: HKCU - {B83FFEF7-264A-45BA-8862-3CDCC5F6509D} URL = SearchScopes: HKCU - {BE9654C9-9D79-42ec-B55A-3CAEB12DBF58} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {CD8517E8-4747-4ABB-A56B-D2B728494DBB} URL = SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92823316479585340 BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll () BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Helweg\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll (Spigot, Inc.) BHO-x32: No Name - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No File BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll () BHO-x32: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Helweg\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.) 
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: ConstaSurf - {d7356335-81bf-4769-bfbd-2e2889138641} - C:\Program Files (x86)\ConstaSurf\82EB132D-0662-4EC3-AA83-8E64F1863962.dll (ConstaSurf) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE64.dll (Spigot, Inc.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {3004627E-F8E9-4E8B-909D-316753CBA923} - No File Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll (Spigot, Inc.) 
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! 
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=114576&ilc=12&p= FF NewTab: about:newtab FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 - C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter) FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll No File FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\user.js FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\browsemngr.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-1.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-10.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-11.xml FF 
SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-12.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-13.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-14.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-15.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-16.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-17.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-18.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-19.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-2.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-20.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-21.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-22.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-23.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-24.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-25.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-26.xml FF SearchPlugin: 
C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-27.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-28.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-3.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-4.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-5.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-6.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-7.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-8.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-9.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\startsear.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\sweetim.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\web-search.xml FF SearchPlugin: 
C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\yahoo_ff.xml FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\ascsurfingprotection@iobit.com [2014-04-18] FF Extension: Funmoods.com - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\ffxtlbr@funmoods.com [2012-08-11] FF Extension: Slick Savings - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\savingsslider@mybrowserbar.com [2014-04-18] FF Extension: WEB.DE MailCheck - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\toolbar@web.de [2013-01-19] FF Extension: vShare - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\vshare@toolbar [2012-03-27] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-19] FF Extension: Start Page - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [2014-04-18] FF Extension: ICQ Toolbar - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-07-25] FF Extension: IncrediMail MediaBar 2 Community Toolbar - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} [2013-02-14] FF Extension: Greasemonkey - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2013-01-26] FF Extension: DealPly - 
C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-08-11] FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2013-01-11] FF Extension: WEB.DE MailCheck - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\toolbar@web.de.xpi [2011-12-22] FF Extension: vshare Add-On - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-17] FF Extension: Greasemonkey - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25] FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2011-05-15] FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2014-04-15] FF HKLM-x32\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Helweg\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com FF Extension: SpeedAnalysis.com - C:\Users\Helweg\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013-03-23] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-04] FF HKCU\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Helweg\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com FF Extension: SpeedAnalysis.com - 
C:\Users\Helweg\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013-03-23]
FF HKCU\...\Firefox\Extensions: [{265EBC63-A567-27EE-3841-675D6F8D29FC}] - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi [2014-05-11]

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR StartupUrls: "https://www.google.com/"
CHR Extension: (Funmoods Chat) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2014-02-06]
CHR Extension: (SpeedAnalysis.com) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon [2014-04-18]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-18]
CHR Extension: (MySearchDial) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-18]
CHR Extension: (Domain Error Assistant) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-18]
CHR Extension: (Slick Savings) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-05-11]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-06-23]
CHR Extension: (Extutil) - C:\Users\Helweg\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-03]
CHR Extension: (Managera) - C:\Users\Helweg\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-03]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Helweg\AppData\Local\funmoods.crx [2012-08-10]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Helweg\AppData\Local\speedial.crx [2014-04-15]
CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Helweg\AppData\Local\funmoods.crx [2012-08-10]
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-08-10]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Helweg\AppData\Local\speedial.crx [2014-04-15]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-06-04]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Helweg\AppData\Local\funmoods.crx [2012-08-10]
CHR HKLM-x32\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Helweg\AppData\Roaming\SpeedanAlysis\speedanalysis.crx [2013-02-14]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2013-02-14]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Helweg\AppData\Local\speedial.crx [2014-04-15]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Helweg\AppData\Local\Slick Savings\coupons.crx [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-08]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 500846993a1f840578b6d445a5a24d51.exe; C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51\500846993a1f840578b6d445a5a24d51.exe [110629 2014-06-28] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 BlockAndSurf; C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.exe [142848 2014-05-11] () [File not signed]
R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-26] (Client Connect LTD)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-11] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-11] (globalUpdate) [File not signed]
S2 gupdate1c9b2bb5d066bbd; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-04-01] (Google Inc.)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [59904 2014-02-20] () [File not signed]
S2 pricemeterliveUpdate; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-06-11] (PriceMeter)
S3 pricemeterliveUpdatem; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-06-11] (PriceMeter)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 Update ConstaSurf; C:\Program Files (x86)\ConstaSurf\updateConstaSurf.exe [318752 2014-07-08] ()
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
R2 Util ConstaSurf; C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe [318752 2014-07-08] ()
R2 vosr; C:\Users\Helweg\AppData\Roaming\VOPackage\VOsrv.exe [51712 2014-05-09] () [File not signed]
R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-26] () [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-04-08] (Cherished Technololgy LIMITED) [File not signed]
S2 04bf3f87162335f.exe; C:\Users\Frank\AppData\Local\98c84aee297705211cc76b32a059f9a2\04bf3f87162335f.exe [X]
S2 eaa8b969887a12a.exe; C:\Users\Frank\AppData\Local\bfe77b92df5c1641fd95342b38cd3be4\eaa8b969887a12a.exe [X]
S2 PirritDesktop; C:\Users\Helweg\AppData\Local\PirritSuggestor\PirritService.exe [X]

==================== Drivers (Whitelisted) ====================

R0 Achernar; C:\Windows\System32\Drivers\Achernar.sys [34104 2009-04-05] (NewSoft Technology Corporation)
R0 Achernar; C:\Windows\SysWOW64\Drivers\Achernar.sys [18432 2007-02-05] (NewSoft Technology Corporation) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 RegFltrX64; C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51\RegFltrX64.sys [18064 2014-06-04] () [File not signed]
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S3 TIEHDUSB; C:\Windows\System32\DRIVERS\tiehdusb.sys [128512 2009-09-03] (Texas Instruments) [File not signed]
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}t64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys [60096 2014-06-11] (StdLib)
R1 {bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64; C:\Windows\System32\drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys [60096 2014-06-30] (StdLib)
S3 cpuz134; \??\C:\Users\Helweg\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-08 17:43 - 2014-07-08 17:50 - 00041821 _____ () C:\Users\Helweg\Desktop\FRST.txt
2014-07-08 17:42 - 2014-07-08 17:43 - 00000000 ____D () C:\FRST
2014-07-08 17:42 - 2014-07-08 17:41 - 02084352 _____ (Farbar) C:\Users\Helweg\Desktop\FRST64.exe
2014-07-08 17:41 - 2014-07-08 17:41 - 02084352 _____ (Farbar) C:\Users\Helweg\Downloads\FRST64.exe
2014-07-08 15:24 - 2014-07-08 15:24 - 00000934 _____ () C:\Users\Helweg\Desktop\Continue VuuPC Installation.lnk
2014-07-08 15:18 - 2014-07-08 15:18 - 00000000 _____ () C:\autoexec.bat
2014-07-08 15:17 - 2014-07-08 15:17 - 00003332 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-07-08 15:17 - 2014-07-08 15:17 - 00002057 _____ () C:\Users\Helweg\Desktop\SpyHunter.lnk 2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\Users\Helweg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\sh4ldr 2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-08 15:17 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2014-07-08 15:16 - 2014-07-08 15:17 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-07-08 15:07 - 2014-07-08 15:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Helweg\Downloads\sh-remover.exe 2014-07-08 14:14 - 2014-07-08 14:14 - 00822448 _____ (Reimage®) C:\Users\Helweg\Downloads\ReimageRepair.exe 2014-07-08 13:35 - 2014-07-08 14:53 - 00157018 _____ () C:\Windows\PFRO.log 2014-07-08 13:17 - 2014-07-08 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-08 13:06 - 2014-07-08 13:08 - 141865920 _____ () C:\Users\Helweg\Downloads\avira_free_antivirus45_de.exe 2014-07-08 12:55 - 2014-07-08 14:37 - 00000000 ____D () C:\Users\Helweg\AppData\Local\Smartbar 2014-07-04 03:04 - 2014-07-04 03:04 - 00849408 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI553C.txt 2014-07-03 18:20 - 2014-07-03 18:20 - 00001638 _____ () C:\Users\Public\Desktop\Defraggler.lnk 2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler 2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\Program Files\Defraggler 2014-07-03 18:19 - 2014-07-03 18:19 - 04362512 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\dfsetup218.exe 2014-07-03 17:52 - 2014-07-03 17:52 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-07-03 17:51 - 2014-07-03 17:52 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-03 17:51 - 2014-07-03 17:51 - 00000736 _____ () 
C:\Users\Public\Desktop\CCleaner.lnk 2014-07-03 17:51 - 2014-07-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-03 17:47 - 2014-07-03 17:48 - 03736040 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\ccsetup415_slim.exe 2014-07-03 16:47 - 2014-07-03 16:49 - 04211448 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_x64_MSI7CD9.txt 2014-07-03 16:37 - 2014-07-03 16:49 - 00346038 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install.txt 2014-07-03 16:37 - 2014-07-03 16:49 - 00010576 _____ () C:\Users\Helweg\AppData\Local\setup.log 2014-07-03 16:37 - 2014-07-03 16:38 - 00184707 _____ () C:\Users\Helweg\AppData\Local\dd_depcheck_NETFX_EXP_35.txt 2014-07-03 16:37 - 2014-07-03 16:37 - 00872384 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_LangPack_MSI752F.txt 2014-07-03 16:37 - 2014-07-03 16:37 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error.txt 2014-07-03 16:36 - 2014-07-03 16:37 - 00156252 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install_lp.txt 2014-07-03 16:36 - 2014-07-03 16:36 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error_lp.txt 2014-06-30 22:47 - 2014-06-30 10:21 - 00060096 _____ (StdLib) C:\Windows\system32\Drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys 2014-06-28 12:29 - 2014-06-28 12:29 - 00000000 ____D () C:\Program Files (x86)\eDealsPop 2014-06-28 12:28 - 2014-06-30 18:53 - 00000000 ____D () C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51 2014-06-28 11:26 - 2014-06-28 11:26 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar 2014-06-28 11:26 - 2014-06-28 11:26 - 00000000 ____D () C:\Program Files (x86)\Application Updater 2014-06-22 22:15 - 2014-06-22 22:15 - 00000000 ____D () C:\Users\Guido\AppData\Local\SearchProtect 2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (7).exe 2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup 
(6).exe 2014-06-12 19:12 - 2014-06-11 14:53 - 00060096 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys 2014-06-11 19:29 - 2014-06-11 19:29 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\QuickScan 2014-06-11 19:28 - 2014-06-11 19:28 - 00000907 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-06-11 19:28 - 2014-06-11 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-06-11 19:27 - 2014-07-08 17:32 - 00000966 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job 2014-06-11 19:27 - 2014-07-08 14:53 - 00000962 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job 2014-06-11 19:27 - 2014-06-11 19:27 - 00003962 _____ () C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA 2014-06-11 19:27 - 2014-06-11 19:27 - 00003710 _____ () C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore 2014-06-11 19:26 - 2014-06-11 19:26 - 00003214 _____ () C:\Windows\System32\Tasks\pricemeterdownloader 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Users\Helweg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Users\Helweg\AppData\Local\PriceMeterLiveUpdate 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Users\Helweg\AppData\Local\PriceMeter 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Program Files (x86)\PriceMeterLiveUpdate 2014-06-11 19:25 - 2014-06-11 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-06-11 19:25 - 2014-06-11 19:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-06-11 19:24 - 2014-06-30 18:44 - 00000000 ____D () C:\Program Files (x86)\ConstaSurf 2014-06-11 
19:24 - 2014-06-11 19:24 - 00000000 ____D () C:\Users\Frank\AppData\Local\SearchProtect 2014-06-11 19:23 - 2014-07-03 16:15 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-06-11 19:23 - 2014-06-11 19:23 - 00998424 _____ () C:\Users\Frank\Downloads\setup (5).exe 2014-06-11 19:23 - 2014-06-11 19:23 - 00998424 _____ () C:\Users\Frank\Downloads\setup (4).exe 2014-06-11 18:50 - 2014-04-26 20:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 18:50 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 18:50 - 2014-04-05 11:10 - 01422784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 18:50 - 2014-03-10 08:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 18:50 - 2014-03-10 08:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 18:50 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-11 18:50 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-11 18:49 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 18:49 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 18:49 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 18:49 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 18:49 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 18:49 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 18:49 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-11 18:49 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 
2014-06-11 18:49 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-11 18:49 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 18:49 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 18:49 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 18:49 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 18:49 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 18:49 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 18:49 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 18:49 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 18:49 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-11 18:49 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-11 18:49 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-11 18:49 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 18:49 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-11 18:49 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 18:49 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 18:49 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 18:49 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 18:49 - 2014-05-28 18:32 
- 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 18:49 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-11 18:49 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 18:49 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 18:49 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 18:49 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 18:49 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 18:49 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 18:49 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 18:49 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-11 18:49 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 18:49 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 18:49 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 18:49 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-11 18:49 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-11 18:49 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 23:16 - 2014-06-10 23:16 - 00998400 _____ () C:\Users\Frank\Downloads\setup (3).exe

==================== One Month Modified Files and Folders =======

2014-07-08 17:50 - 2014-07-08 17:43 - 00041821 _____ () C:\Users\Helweg\Desktop\FRST.txt
2014-07-08 17:43 - 2014-07-08 17:42 - 
00000000 ____D () C:\FRST 2014-07-08 17:41 - 2014-07-08 17:42 - 02084352 _____ (Farbar) C:\Users\Helweg\Desktop\FRST64.exe 2014-07-08 17:41 - 2014-07-08 17:41 - 02084352 _____ (Farbar) C:\Users\Helweg\Downloads\FRST64.exe 2014-07-08 17:40 - 2009-06-30 12:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-08 17:32 - 2014-06-11 19:27 - 00000966 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job 2014-07-08 17:30 - 2014-05-11 17:29 - 00000406 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job 2014-07-08 17:25 - 2014-04-15 19:25 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job 2014-07-08 17:25 - 2014-04-15 19:25 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36}.job 2014-07-08 17:25 - 2014-04-15 19:25 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13}.job 2014-07-08 17:21 - 2014-05-11 17:16 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-07-08 17:19 - 2014-05-11 17:29 - 00000426 _____ () C:\Windows\Tasks\BlockAndSurf Update.job 2014-07-08 17:17 - 2014-05-11 17:17 - 00001528 _____ () C:\Windows\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-5.job 2014-07-08 17:16 - 2014-05-11 17:16 - 00001482 _____ () C:\Windows\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-6.job 2014-07-08 17:16 - 2014-05-11 17:16 - 00001446 _____ () C:\Windows\Tasks\944b5fda-82a5-4469-9cab-b60c4ca15acb-5.job 2014-07-08 17:16 - 2014-05-11 17:16 - 00001408 _____ () C:\Windows\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-7.job 2014-07-08 16:53 - 2006-11-02 17:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-08 16:53 - 2006-11-02 17:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-08 16:40 - 2009-06-30 12:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-08 15:55 - 2013-03-23 
13:45 - 00001027 _____ () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk 2014-07-08 15:55 - 2013-01-07 20:12 - 00001135 _____ () C:\Users\Frank\Desktop\Dropbox.lnk 2014-07-08 15:55 - 2012-07-10 21:43 - 00001913 _____ () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2014-07-08 15:24 - 2014-07-08 15:24 - 00000934 _____ () C:\Users\Helweg\Desktop\Continue VuuPC Installation.lnk 2014-07-08 15:18 - 2014-07-08 15:18 - 00000000 _____ () C:\autoexec.bat 2014-07-08 15:18 - 2009-03-17 20:52 - 01059101 _____ () C:\Windows\WindowsUpdate.log 2014-07-08 15:17 - 2014-07-08 15:17 - 00003332 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup 2014-07-08 15:17 - 2014-07-08 15:17 - 00002057 _____ () C:\Users\Helweg\Desktop\SpyHunter.lnk 2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\Users\Helweg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\sh4ldr 2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-08 15:17 - 2014-07-08 15:16 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-07-08 15:07 - 2014-07-08 15:07 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Helweg\Downloads\sh-remover.exe 2014-07-08 15:03 - 2014-04-15 19:28 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-07-08 14:57 - 2006-11-02 14:34 - 00000342 _____ () C:\Windows\win.ini 2014-07-08 14:53 - 2014-07-08 13:35 - 00157018 _____ () C:\Windows\PFRO.log 2014-07-08 14:53 - 2014-06-11 19:27 - 00000962 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job 2014-07-08 14:53 - 2014-04-15 19:28 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-07-08 14:53 - 2013-12-28 01:40 - 00000292 _____ () C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job 2014-07-08 14:53 - 2009-01-26 12:49 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-08 14:53 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-08 14:52 - 2006-11-02 17:42 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-08 14:44 - 2014-04-15 19:28 - 00000320 _____ () C:\Users\Helweg\AppData\Roaming\aps.uninstall.scan.results 2014-07-08 14:43 - 2014-04-15 19:28 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-07-08 14:43 - 2014-04-15 19:28 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-07-08 14:43 - 2014-04-15 19:28 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-07-08 14:43 - 2014-04-15 19:28 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-07-08 14:37 - 2014-07-08 12:55 - 00000000 ____D () C:\Users\Helweg\AppData\Local\Smartbar 2014-07-08 14:16 - 2014-04-14 18:29 - 00000163 _____ () C:\Windows\Reimage.ini 2014-07-08 14:14 - 2014-07-08 14:14 - 00822448 _____ (Reimage®) C:\Users\Helweg\Downloads\ReimageRepair.exe 2014-07-08 13:17 - 2014-07-08 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-08 13:17 - 2012-12-30 13:59 - 00001907 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-07-08 13:08 - 2014-07-08 13:06 - 141865920 _____ () C:\Users\Helweg\Downloads\avira_free_antivirus45_de.exe 
2014-07-08 12:59 - 2009-03-18 19:14 - 00000000 ____D () C:\Users\Helweg\Desktop\Frank 2014-07-08 11:22 - 2014-04-18 17:52 - 00000000 ____D () C:\ProgramData\ProductData 2014-07-08 07:24 - 2014-04-15 19:24 - 00575887 _____ (ClickMeIn Limited) C:\Users\Helweg\AppData\Local\AnyProtectScannerSetup.exe 2014-07-04 10:38 - 2009-04-01 13:12 - 00001064 _____ () C:\Windows\Tasks\Google Software Updater.job 2014-07-04 03:04 - 2014-07-04 03:04 - 00849408 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI553C.txt 2014-07-04 03:04 - 2009-04-11 15:40 - 00155142 _____ () C:\Windows\dd_dotnetfx35install_lp.txt 2014-07-04 03:04 - 2009-04-11 15:40 - 00072288 _____ () C:\Windows\dd_depcheck_NETFX_EXP_35.txt 2014-07-03 18:20 - 2014-07-03 18:20 - 00001638 _____ () C:\Users\Public\Desktop\Defraggler.lnk 2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler 2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\Program Files\Defraggler 2014-07-03 18:19 - 2014-07-03 18:19 - 04362512 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\dfsetup218.exe 2014-07-03 18:14 - 2009-03-18 23:09 - 00002661 _____ () C:\Users\Helweg\Desktop\Word 2003.lnk 2014-07-03 17:56 - 2011-07-04 00:04 - 00000000 ____D () C:\Users\Helweg\AppData\Local\CrashDumps 2014-07-03 17:52 - 2014-07-03 17:52 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-07-03 17:52 - 2014-07-03 17:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-03 17:51 - 2014-07-03 17:51 - 00000736 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-03 17:51 - 2014-07-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-03 17:48 - 2014-07-03 17:47 - 03736040 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\ccsetup415_slim.exe 2014-07-03 17:07 - 2014-04-18 17:52 - 00000000 ____D () C:\Users\Helweg\AppData\Roaming\Slick Savings 2014-07-03 16:59 - 2009-03-17 20:59 - 00097832 _____ () 
C:\Users\Helweg\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-03 16:58 - 2006-11-02 17:21 - 00364416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-03 16:49 - 2014-07-03 16:47 - 04211448 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_x64_MSI7CD9.txt 2014-07-03 16:49 - 2014-07-03 16:37 - 00346038 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install.txt 2014-07-03 16:49 - 2014-07-03 16:37 - 00010576 _____ () C:\Users\Helweg\AppData\Local\setup.log 2014-07-03 16:38 - 2014-07-03 16:37 - 00184707 _____ () C:\Users\Helweg\AppData\Local\dd_depcheck_NETFX_EXP_35.txt 2014-07-03 16:37 - 2014-07-03 16:37 - 00872384 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_LangPack_MSI752F.txt 2014-07-03 16:37 - 2014-07-03 16:37 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error.txt 2014-07-03 16:37 - 2014-07-03 16:36 - 00156252 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install_lp.txt 2014-07-03 16:36 - 2014-07-03 16:36 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error_lp.txt 2014-07-03 16:22 - 2013-03-31 12:24 - 00117712 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-03 16:15 - 2014-06-11 19:23 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-07-01 00:44 - 2013-01-07 20:12 - 00000000 ___RD () C:\Users\Frank\Dropbox 2014-06-30 18:53 - 2014-06-28 12:28 - 00000000 ____D () C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51 2014-06-30 18:48 - 2014-05-16 19:36 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\DropboxMaster 2014-06-30 18:48 - 2013-01-07 20:10 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Dropbox 2014-06-30 18:44 - 2014-06-11 19:24 - 00000000 ____D () C:\Program Files (x86)\ConstaSurf 2014-06-30 10:21 - 2014-06-30 22:47 - 00060096 _____ (StdLib) C:\Windows\system32\Drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys 2014-06-28 12:29 - 2014-06-28 12:29 - 00000000 ____D () C:\Program Files (x86)\eDealsPop 2014-06-28 11:26 - 2014-06-28 11:26 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar 2014-06-28 11:26 - 2014-06-28 11:26 - 00000000 ____D () C:\Program Files (x86)\Application Updater 2014-06-27 17:27 - 2009-03-19 19:02 - 00002661 _____ () C:\Users\Guido\Desktop\Microsoft Office Word 2003.lnk 2014-06-22 22:15 - 2014-06-22 22:15 - 00000000 ____D () C:\Users\Guido\AppData\Local\SearchProtect 2014-06-22 19:02 - 2010-07-24 19:21 - 00000000 ____D () C:\Users\Helweg\Desktop\Bilder 2014-06-19 16:35 - 2009-06-30 12:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-19 16:35 - 2009-06-30 12:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (7).exe 2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (6).exe 2014-06-15 13:52 - 2014-04-05 13:38 - 00000000 ____D () C:\Users\Helweg\AppData\Local\SearchProtect 2014-06-13 16:26 - 2013-08-15 16:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-13 16:24 - 2006-11-02 14:35 - 95414520 _____ (Microsoft 
Corporation) C:\Windows\system32\mrt.exe 2014-06-11 19:33 - 2014-06-05 17:17 - 00000000 ____D () C:\Users\Frank\AppData\Local\fc2a880503f1ab929600754f6835a71d 2014-06-11 19:29 - 2014-06-11 19:29 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\QuickScan 2014-06-11 19:28 - 2014-06-11 19:28 - 00000907 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-06-11 19:28 - 2014-06-11 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-06-11 19:27 - 2014-06-11 19:27 - 00003962 _____ () C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA 2014-06-11 19:27 - 2014-06-11 19:27 - 00003710 _____ () C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore 2014-06-11 19:26 - 2014-06-11 19:26 - 00003214 _____ () C:\Windows\System32\Tasks\pricemeterdownloader 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Users\Helweg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Users\Helweg\AppData\Local\PriceMeterLiveUpdate 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Users\Helweg\AppData\Local\PriceMeter 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-06-11 19:26 - 2014-06-11 19:26 - 00000000 ____D () C:\Program Files (x86)\PriceMeterLiveUpdate 2014-06-11 19:25 - 2014-06-11 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-06-11 19:25 - 2014-06-11 19:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-06-11 19:24 - 2014-06-11 19:24 - 00000000 ____D () C:\Users\Frank\AppData\Local\SearchProtect 2014-06-11 19:23 - 2014-06-11 19:23 - 00998424 _____ () C:\Users\Frank\Downloads\setup (5).exe 2014-06-11 19:23 - 2014-06-11 19:23 - 00998424 _____ () C:\Users\Frank\Downloads\setup (4).exe 2014-06-11 14:53 - 2014-06-12 
19:12 - 00060096 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys 2014-06-10 23:16 - 2014-06-10 23:16 - 00998400 _____ () C:\Users\Frank\Downloads\setup (3).exe 2014-06-10 19:54 - 2014-04-16 19:17 - 00002023 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-09 00:13 - 2014-05-27 17:14 - 00000000 ____D () C:\Users\Helweg\AppData\Local\ad1008879b0043e72588826305801881 Some content of TEMP: ==================== C:\Users\Frank\AppData\Local\Temp\avgnt.exe C:\Users\Frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprvayax.dll C:\Users\Guido\AppData\Local\Temp\AMPing.exe C:\Users\Guido\AppData\Local\Temp\AskSLib.dll C:\Users\Guido\AppData\Local\Temp\AutoRun.exe C:\Users\Guido\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Guido\AppData\Local\Temp\avgnt.exe C:\Users\Guido\AppData\Local\Temp\bcsetup.exe C:\Users\Guido\AppData\Local\Temp\DivXSetup.exe C:\Users\Guido\AppData\Local\Temp\DWPUpgradeInstaller.exe C:\Users\Guido\AppData\Local\Temp\ffmpeg3.exe C:\Users\Guido\AppData\Local\Temp\guninst.exe C:\Users\Guido\AppData\Local\Temp\gvsetup.exe C:\Users\Guido\AppData\Local\Temp\ICQInstall.exe C:\Users\Guido\AppData\Local\Temp\ICQRT.dll C:\Users\Guido\AppData\Local\Temp\ICQTIK.dll C:\Users\Guido\AppData\Local\Temp\icytower14.exe C:\Users\Guido\AppData\Local\Temp\insetup.exe C:\Users\Guido\AppData\Local\Temp\InstallManager_BAB_BAB.exe C:\Users\Guido\AppData\Local\Temp\MPDD0000.exe C:\Users\Guido\AppData\Local\Temp\MSETUP4.EXE C:\Users\Guido\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\Guido\AppData\Local\Temp\prismsetup.exe C:\Users\Guido\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Guido\AppData\Local\Temp\uninstall.exe C:\Users\Guido\AppData\Local\Temp\update.exe C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[0].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[10].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[11].dll 
C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[12].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[13].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[14].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[15].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[16].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[17].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[18].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[19].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[1].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[20].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[21].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[22].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[23].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[24].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[25].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[26].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[27].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[28].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[29].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[2].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[30].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[31].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[32].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[3].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[4].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[5].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[6].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[7].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[8].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlDLL[9].dll C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[0].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[10].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[11].exe 
C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[12].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[13].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[14].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[15].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[16].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[17].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[18].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[19].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[1].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[20].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[21].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[22].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[23].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[24].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[25].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[26].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[27].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[28].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[29].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[2].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[30].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[31].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[32].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[3].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[4].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[5].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[6].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[7].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[8].exe C:\Users\Guido\AppData\Local\Temp\VolumeControlVista[9].exe C:\Users\Guido\AppData\Local\Temp\vpsetup.exe C:\Users\Helweg\AppData\Local\Temp\avgnt.exe C:\Users\Helweg\AppData\Local\Temp\ReimagePackage.exe 
C:\Users\Helweg\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 15:01

==================== End Of Log ============================

Here is the Addition log file:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Helweg at 2014-07-08 17:50:36
Running from C:\Users\Helweg\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
BlockAndSurf (HKLM-x32\...\9A08C510-8505-2B66-CAC9-1B6A5774EBB0) (Version: - BlockAndSurf-software) <==== ATTENTION
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
ConstaSurf (HKLM\...\ConstaSurf) (Version: 2014.06.11.170159 - ConstaSurf)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
eDealsPop version 1.0 (HKLM-x32\...\eDealsPop_is1) (Version: 1.0 - eDealsPop)
Freeven pro (HKLM-x32\...\Freeven pro) (Version: 1.34.5.4 - Freeven) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IObit Apps Toolbar v9.4 (HKLM-x32\...\{5FACD482-8CE2-41D5-B05F-9EE67D21ECE7}) (Version: 9.4 - Spigot, Inc.) <==== ATTENTION
MaintenanceService-Funmoods (HKCU\...\Funmoods) (Version: - ) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.8 - McAfee, Inc.)
MediaPlayerplus (HKLM-x32\...\MediaPlayerplus) (Version: 1.34.5.4 - Freeven) <==== ATTENTION Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.) Price Meter (remove only) (HKCU\...\Price Meter) (Version: 1.0.5.8 - Price Meter) <==== ATTENTION Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.11.3 - Client Connect LTD) <==== ATTENTION Slick Savings (HKLM-x32\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 1.3 - Spigot, Inc.) <==== ATTENTION Speedial (HKLM-x32\...\Speedial) (Version: - Speedial) <==== ATTENTION SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Restore Points ========================= 08-07-2014 12:33:00 Removed SafeFinder Smartbar 08-07-2014 12:35:28 Removed SafeFinder Smartbar 08-07-2014 13:16:46 Installed SpyHunter ==================== Hosts content: ========================== 2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0158EACB-EC36-40E8-9367-E6C5C17D1D3D} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-06-11] (PriceMeter) <==== ATTENTION Task: {0672FA6B-A652-45E5-A9F8-DAB9F4A608F6} - \DealPlyUpdate No Task File <==== ATTENTION Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: 
{0C6507D3-DF6C-40A7-9A35-B32CA31DD78B} - System32\Tasks\BlockAndSurf_wd => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe <==== ATTENTION Task: {151501D4-9A06-4D4F-A106-7A45DED2FA01} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {2094025D-868A-4209-B72E-B505F2285553} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {25CDD78F-45B3-43CA-A3F1-81DD7C8109A3} - System32\Tasks\pricemeterdownloader => C:\Users\Helweg\AppData\Local\PriceMeter\pricemeterd.exe [2014-03-13] (PriceMeter) <==== ATTENTION Task: {2F7E71DC-F2A5-4DC0-9416-C172F688E726} - System32\Tasks\944b5fda-82a5-4469-9cab-b60c4ca15acb-5 => C:\Program Files (x86)\Freeven pro\944b5fda-82a5-4469-9cab-b60c4ca15acb-5.exe <==== ATTENTION Task: {32522DDA-FE54-4CEF-B490-CDE290CB7F29} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfV47.exe [2014-05-11] () <==== ATTENTION Task: {34C87B4C-2A30-431E-A4E0-8648670C9669} - System32\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-5 => C:\Program Files (x86)\MediaPlayerplus\6205d7fb-e736-4471-87e2-0b880e332552-5.exe <==== ATTENTION Task: {3654B89F-DFC8-40CE-91E5-0708BAC3A6AC} - System32\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-7 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-nova.exe <==== ATTENTION Task: {374000B0-E88F-447F-8BC1-32293B43083D} - System32\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-6 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-novainstaller.exe <==== ATTENTION Task: {3E39C697-4B82-43BD-BC29-A4730AAF8B65} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Guido => C:\Program 
Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation) Task: {435D443A-E098-4268-965F-171790716F93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-01] (Google Inc.) Task: {478386EA-58E6-4DCC-8FAF-120B4CB77F82} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {4C422867-F1BE-4DA0-BB0F-17FC8C821EFE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {4EC7D5F8-A540-42F3-B73F-098A75471E5C} - System32\Tasks\MySearchDial => C:\Users\Helweg\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {52059672-E875-49B3-A0A7-9E4E4AF75EB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-01] (Google Inc.) Task: {537F4B97-3FA5-4A30-B1C1-6AF3F7CE1852} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {6273CABD-D6BB-4DF7-BEAC-08BC393E4AF8} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.) 
Task: {70F93A9D-130F-49E1-B3C8-B3425097A212} - System32\Tasks\FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36} => C:\Program Files\V-bates\PrefHelper.exe [2014-02-26] () Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {7CC11E7D-10B3-4457-A548-FFF35BB72C03} - System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3 => C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3.exe <==== ATTENTION Task: {AC0ED7C4-3C93-4B0E-BC9C-DFAA9CA95D79} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {ACEA87B5-9AE3-4637-8D2A-5D47F29CDEB5} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-06-11] (PriceMeter) <==== ATTENTION Task: {B06C5296-D461-4C0F-ADFA-F82BF73FDA85} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {B38F8E47-9BBC-4117-A7D2-BF3CD85B60AA} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-15] (Google) Task: {CDFD99DC-8282-4DB1-9F2E-2C1B4851CECF} - System32\Tasks\Driver Booster SkipUAC (Helweg) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe <==== ATTENTION Task: {D2C9B5C8-31B2-49C4-846C-AF801622F00C} - System32\Tasks\FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13} => C:\Program Files\V-bates\PrefHelper.exe [2014-02-26] () Task: {D32BFDB7-C6B3-49D6-9904-576FB6DAB4E1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) 
Task: {D529BCD4-05A9-4FED-A55F-C819206B36FE} - System32\Tasks\Funmoods => C:\Users\Helweg\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {DB7F7E83-7EC3-4384-9351-C0B2CA838F56} - System32\Tasks\OpenCandyHelperRunOnce50B6EA36D71E40A0A3C18908F0DAB3DB => C:\Users\Helweg\AppData\Roaming\OpenCandy\D89AC3DC906141E689AD48C0A591105E\OCBrowserHelper_1.0.6.128.exe [2013-05-22] (OpenCandy) Task: {DC9FB6A9-126D-42D8-907D-63044DC5D078} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {E308BA4E-AB4D-410B-8245-44368113737B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {E55CC7B7-A7DB-4BD7-850D-6B1BB6956675} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F5597B5F-CD4C-4048-A7F5-745CD8AD050A} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-11] (globalUpdate) <==== ATTENTION Task: {F9F1E983-1677-493B-AD04-76729C77C02A} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-11] (globalUpdate) <==== ATTENTION Task: {FAA8DAEB-0F4B-4ED9-989C-B070C33C8DB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-5.job => C:\Program Files (x86)\MediaPlayerplus\6205d7fb-e736-4471-87e2-0b880e332552-5.exe <==== ATTENTION Task: C:\Windows\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-6.job => C:\Program Files 
(x86)\MediaPlayerplus\MediaPlayerplus-novainstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-7.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-nova.exe <==== ATTENTION Task: C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3.job => ? Task: C:\Windows\Tasks\944b5fda-82a5-4469-9cab-b60c4ca15acb-5.job => C:\Program Files (x86)\Freeven pro\944b5fda-82a5-4469-9cab-b60c4ca15acb-5.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfV47.exe <==== ATTENTION Task: C:\Windows\Tasks\BlockAndSurf_wd.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe <==== ATTENTION Task: C:\Windows\Tasks\FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13}.job => C:\Program Files\V-bates\PrefHelper.exe Task: C:\Windows\Tasks\FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36}.job => C:\Program Files\V-bates\PrefHelper.exe Task: C:\Windows\Tasks\Funmoods.job => C:\Users\Helweg\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program 
Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Helweg\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe Task: C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-11 17:28 - 2014-05-11 17:28 - 00142848 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.exe 2010-06-30 13:21 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 2014-04-15 19:25 - 2014-02-20 15:13 - 00059904 _____ () C:\Program Files (x86)\Pirrit\AutoUpdater.exe 2014-06-11 19:02 - 2014-07-08 11:25 - 00318752 _____ () C:\Program Files (x86)\ConstaSurf\updateConstaSurf.exe 2014-06-12 19:10 - 2014-07-08 11:24 - 00318752 _____ () C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe 2014-05-09 20:57 - 2014-05-09 20:57 - 00051712 _____ () C:\Users\Helweg\AppData\Roaming\VOPackage\VOsrv.exe 2014-04-15 19:26 - 2014-02-26 17:42 - 00059904 _____ () C:\Program Files (x86)\WinRST\WinRST.exe 2014-06-12 19:12 - 2014-07-08 08:44 - 00096544 _____ () C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.BrowserAdapter.exe 2014-06-12 19:12 - 2014-07-07 04:55 - 00287008 _____ () C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.PurBrowse64.exe 2014-05-11 17:28 - 
2014-05-11 17:28 - 00133120 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: BlockNSurf => C:\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe MSCONFIG\startupreg: CanonSolutionMenu => "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon MSCONFIG\startupreg: eDealsPop => "C:\Program Files (x86)\eDealsPop\eDealsPop.exe" MSCONFIG\startupreg: Google Updater => "C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -check_deprecation MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart MSCONFIG\startupreg: MMReminderService => "C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe" MSCONFIG\startupreg: Picasa Media Detector => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" MSCONFIG\startupreg: Slick Savings => "C:\Users\Helweg\AppData\Roaming\Slick Savings\CouponsHelper.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/08/2014 05:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SpyHunter4.exe, Version 4.17.6.4336 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 1b1c Anfangszeit: 01cf9aaf037ee2b6 Zeitpunkt der Beendigung: 15 Error: (07/08/2014 03:16:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16555 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 13b4 Anfangszeit: 01cf9aad3bacd276 Zeitpunkt der Beendigung: 141 Error: (07/08/2014 02:53:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2014 02:50:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16555 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 5284 Anfangszeit: 01cf9aaa308fe92d Zeitpunkt der Beendigung: 10 Error: (07/08/2014 02:10:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2014 01:36:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2014 11:21:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/03/2014 06:08:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/03/2014 06:06:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\HELWEG\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012014070320140704> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) Error: (07/03/2014 05:46:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/08/2014 05:30:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/08/2014 05:00:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/08/2014 04:30:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/08/2014 04:00:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/08/2014 03:30:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/08/2014 03:15:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: 500846993a1f840578b6d445a5a24d51.exe1 Error: (07/08/2014 03:00:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/08/2014 02:59:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/08/2014 02:58:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/08/2014 02:57:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Microsoft Office Sessions: ========================= Error: (07/08/2014 05:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SpyHunter4.exe4.17.6.43361b1c01cf9aaf037ee2b615 Error: (07/08/2014 
03:16:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.1655513b401cf9aad3bacd276141 Error: (07/08/2014 02:53:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2014 02:50:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16555528401cf9aaa308fe92d10 Error: (07/08/2014 02:10:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2014 01:36:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2014 11:21:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/03/2014 06:08:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/03/2014 06:06:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) C:\USERS\HELWEG\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012014070320140704 Error: (07/03/2014 05:46:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-05-02 20:04:02.261 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:04:01.761 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:04:00.957 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:04:00.502 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-05-02 20:03:59.919 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_0efecf2c1ef1a5d7\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:03:59.450 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_0efecf2c1ef1a5d7\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:03:58.987 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_0efecf2c1ef1a5d7\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:03:58.525 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_0efecf2c1ef1a5d7\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:03:57.962 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:03:57.508 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 4094.32 MB
Available physical RAM: 2317.68 MB
Total Pagefile: 8407.92 MB
Available Pagefile: 6188.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:327.54 GB) (Free:3.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:592.25 GB) (Free:582.36 GB) NTFS
Drive f: (FIFA 14) (CDROM) (Total:7.47 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: C347115F)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=328 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=592 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
08.07.2014, 20:52 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista => Windows Version Installer What about my question regarding existing virus scanner logs with detections?
__________________ Please always post log files in CODE tags |
10.07.2014, 20:24 | #5 |
| Windows Vista => Windows Version Installer I ran the scanners over the system today:
- Avira shows no alerts.
- Malwarebytes always crashes after you press the "Scan" button.
- ESET found something... but shows this:
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

I have the feeling that since the scan the browsers are running a bit more smoothly again, but the "Windows Version Installer" window still appears. In addition, when opening some folders the following is currently displayed: "No program is associated with the file for performing this action. Create an association in the "Control Panel" under "Set Associations"." Opening is then only possible via right-click and "Open". |
11.07.2014, 10:23 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista => Windows Version Installer Please do a run with CF: Scan with Combofix
__________________ --> Windows Vista => Windows Version Installer |
11.07.2014, 11:27 | #7 |
| Windows Vista => Windows Version Installer Emsisoft LOG: Code:
ATTFilter Emsisoft Anti-Malware - Version 9.0 Letztes Update: 10.07.2014 21:20:24 Benutzerkonto: Helweg-PC\Helweg Scan Einstellungen: Scan Methode: Smart Scan Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\ PUPs-Erkennung: Aus Archiv Scan: Aus ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 10.07.2014 21:21:42 C:\Windows\System32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys gefunden: Adware.SwiftBrowse.N (B) C:\Windows\System32\Drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys gefunden: Adware.SwiftBrowse.N (B) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} gefunden: Application.Win32.WebApp (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} gefunden: Application.Win32.WebApp (A) C:\Program Files (x86)\application updater gefunden: Application.AppInstall (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INSTALLER\PRODUCTS\A28B4D68DEBAA244EB686953B7074FEF gefunden: Application.AdReg (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS -> SPEEDANALYSIS@SPEEDANALYSIS.COM gefunden: Application.FireExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\APPLICATION UPDATER gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\BABYLON gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\DEALPLYLIVE gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCH SETTINGS gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} gefunden: Application.InstallExt 
(A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} gefunden: Application.InstallMood (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\BBJCIAHCEAMGODCOIDKJPCHNOKGFPPHH gefunden: Application.WebExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\GAIILAAHIAHDEJAPGGENMDMAFPMBIPJE gefunden: Application.WebExt (A) C:\ProgramData\WPM gefunden: Application.AdSome (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SUPWPM gefunden: Application.AdSome (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21636 gefunden: Application.BrowserExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PELMEIDFHDLHLBJIMPABFCBNNOJBBOMA gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\WEBSSEARCHESSOFTWARE gefunden: Application.AdShort (A) C:\Program Files (x86)\Searchprotect gefunden: Application.AppInstall (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\PRESTIGE CASINO gefunden: Application.Win32.CasOnline (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\DATAMNGR gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} gefunden: Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} gefunden: Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\INSTALLCORE gefunden: Application.Win32.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} gefunden: Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT gefunden: Application.InstallAd (A) Key: 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCHPROTECT gefunden: Application.InstallAd (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR -> {3004627E-F8E9-4E8B-909D-316753CBA923} gefunden: Application.Win32.WebToolbar (A) C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll gefunden: Adware.Linkury.B (B) C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.BrowserAdapter.exe gefunden: Adware.SwiftBrowse.N (B) C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.PurBrowse64.exe gefunden: Adware.SwiftBrowse.N (B) C:\Program Files (x86)\ConstaSurf\bin\ConstaSurfBAApp.dll gefunden: Adware.SwiftBrowse.N (B) C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe gefunden: Adware.SwiftBrowse.N (B) C:\Program Files (x86)\ConstaSurf\bin\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}.dll gefunden: Adware.SwiftBrowse.N (B) C:\Program Files (x86)\ConstaSurf\updateConstaSurf.exe gefunden: Adware.SwiftBrowse.N (B) C:\Program Files (x86)\Pirrit\IEExtension\IEExtension.dll gefunden: Trojan.Generic.11394716 (B) Gescannt 285526 Gefunden 41 Scan Ende: 10.07.2014 23:28:23 Scan Zeit: 2:06:41 ComboFix LOG: Code:
ATTFilter ComboFix 14-07-11.02 - Helweg 11.07.2014 11:49:52.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.1704 [GMT 2:00] ausgeführt von:: c:\users\Helweg\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\DFR6921.tmp C:\DFR982C.tmp C:\DFRE734.tmp c:\program files (x86)\Java\jre7\bin\jp2ssv.dll c:\users\Frank\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data c:\users\Frank\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences c:\users\Helweg\AppData\Local\AnyProtectScannerSetup.exe c:\users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage c:\users\Helweg\AppData\Local\Microsoft\Windows\Temporary Internet Files\ConstaSurf_iels c:\users\Helweg\AppData\Local\nse1354.tmp E:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_globalUpdate . . ((((((((((((((((((((((( Dateien erstellt von 2014-06-11 bis 2014-07-11 )))))))))))))))))))))))))))))) . . 2014-07-11 10:13 . 2014-07-11 10:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-07-10 18:11 . 2014-07-10 18:40 77312 ----a-w- c:\windows\system32\eamclean.exe 2014-07-10 17:47 . 2014-07-10 17:47 -------- d-----w- c:\programdata\Emsisoft 2014-07-10 08:07 . 2014-07-11 10:18 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2014-07-10 08:07 . 2014-07-10 08:07 -------- d-----w- c:\program files (x86)\ESET 2014-07-10 07:58 . 2014-07-10 07:58 -------- d-----w- c:\programdata\Malwarebytes 2014-07-08 15:42 . 
2014-07-08 15:51 -------- d-----w- C:\FRST 2014-07-08 13:17 . 2014-07-08 13:17 -------- d-----w- c:\program files\Enigma Software Group 2014-07-08 13:16 . 2014-07-10 08:23 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-07-08 09:43 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CDB78B8-A85A-487D-A150-D83D4CBBCE59}\mpengine.dll 2014-07-03 16:20 . 2014-07-03 16:20 -------- d-----w- c:\program files\Defraggler 2014-07-03 15:51 . 2014-07-03 15:52 -------- d-----w- c:\program files\CCleaner 2014-06-30 20:47 . 2014-06-30 08:21 60096 ----a-w- c:\windows\system32\drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys 2014-06-28 10:29 . 2014-06-28 10:29 -------- d-----w- c:\program files (x86)\eDealsPop 2014-06-28 10:28 . 2014-07-10 18:09 -------- d-----w- c:\users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51 2014-06-28 09:26 . 2014-07-10 18:23 -------- d-----w- c:\program files (x86)\Application Updater 2014-06-28 09:26 . 2014-06-28 09:26 -------- d-----w- c:\program files (x86)\IObit Apps Toolbar 2014-06-12 17:12 . 2014-06-11 12:53 60096 ----a-w- c:\windows\system32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys 2014-06-11 17:29 . 2014-06-11 17:29 -------- d-----w- c:\users\Frank\AppData\Roaming\QuickScan 2014-06-11 17:26 . 2014-06-11 17:26 -------- d-----w- c:\program files (x86)\VideoLAN 2014-06-11 17:26 . 2014-06-11 17:26 -------- d-----w- c:\program files (x86)\PriceMeterLiveUpdate 2014-06-11 17:26 . 2014-06-11 17:26 -------- d-----w- c:\programdata\PriceMeterLiveUpdate 2014-06-11 17:26 . 2014-06-11 17:26 -------- d-----w- c:\users\Helweg\AppData\Local\PriceMeter 2014-06-11 17:25 . 2014-06-11 17:25 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2014-06-11 17:24 . 2014-07-10 18:23 -------- d-----w- c:\program files (x86)\ConstaSurf 2014-06-11 17:23 . 2014-07-10 18:23 -------- d-----w- c:\program files (x86)\SearchProtect 2014-06-11 16:50 . 
2014-04-05 09:10 1422784 ----a-w- c:\windows\system32\drivers\tcpip.sys 2014-06-11 16:50 . 2014-04-26 18:21 622592 ----a-w- c:\windows\system32\usp10.dll 2014-06-11 16:50 . 2014-03-10 06:26 1869824 ----a-w- c:\windows\system32\msxml3.dll 2014-06-11 16:50 . 2014-03-10 06:26 1794560 ----a-w- c:\windows\system32\msxml6.dll 2014-06-11 16:50 . 2014-03-10 01:22 1401344 ----a-w- c:\windows\SysWow64\msxml6.dll 2014-06-11 16:50 . 2014-03-10 01:22 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-10 01:01 . 2006-11-02 12:35 96441528 ----a-w- c:\windows\system32\mrt.exe 2014-07-03 14:22 . 2013-03-31 10:24 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-06-06 23:02 . 2014-07-09 23:07 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2014-06-06 22:56 . 2014-07-09 23:07 421376 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-06-06 08:59 . 2014-07-09 23:07 506880 ----a-w- c:\windows\SysWow64\qedit.dll 2014-05-27 13:19 . 2013-03-31 10:24 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-05-18 08:36 . 2012-05-18 09:17 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-18 08:36 . 2011-07-29 14:14 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-26 16:01 . 2014-06-11 16:50 502784 ----a-w- c:\windows\SysWow64\usp10.dll 2014-04-18 16:19 . 2014-04-18 16:19 29800 ----a-w- c:\windows\system32\drivers\nvsmu.sys 2014-04-18 16:19 . 2009-01-26 09:37 239720 ----a-w- c:\windows\system32\NVCOSMU.DLL 2014-04-18 16:19 . 2009-01-26 09:37 239720 ----a-w- c:\windows\system32\NVCOSMB.DLL 2014-04-18 16:18 . 2014-04-18 16:18 343400 ----a-w- c:\windows\system32\drivers\nvmfdx64.sys 2014-04-18 16:18 . 2009-01-26 09:37 229480 ----a-w- c:\windows\system32\nvconrm.dll 2014-04-18 16:18 . 2014-04-18 16:22 758272 ----a-w- c:\windows\system32\cohelper.dll 2014-04-18 16:18 . 
2014-04-18 16:18 953344 ----a-w- c:\windows\system32\fdco9.dll 2010-03-25 13:19 . 2010-03-25 13:19 2808832 ----a-w- c:\program files (x86)\Common FilesDDBACSetup.msi . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] 2014-06-16 15:13 1398592 ----a-w- c:\program files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] 2014-02-26 13:31 193024 ----a-w- c:\program files\V-bates\Extension32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}] 2009-11-08 08:55 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-04-30 16:55 280736 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll" [2014-06-16 1398592] . [HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EnergySettings"="c:\program files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe" [2008-09-19 113664] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2014-07-10 4841824] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files (x86)\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] . c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
R2 04bf3f87162335f.exe;04bf3f87162335f.exe;c:\users\Frank\AppData\Local\98c84aee297705211cc76b32a059f9a2\04bf3f87162335f.exe;c:\users\Frank\AppData\Local\98c84aee297705211cc76b32a059f9a2\04bf3f87162335f.exe [x] R2 500846993a1f840578b6d445a5a24d51.exe;500846993a1f840578b6d445a5a24d51.exe;c:\users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51\500846993a1f840578b6d445a5a24d51.exe;c:\users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51\500846993a1f840578b6d445a5a24d51.exe [x] S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\Drivers\Achernar.sys;c:\windows\SYSNATIVE\Drivers\Achernar.sys [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x] S2 a2AntiMalware;Emsisoft Protection Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x] S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-10 17:35 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 08:36] . 2014-07-11 c:\windows\Tasks\FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13}.job - c:\program files\V-bates\PrefHelper.exe [2014-04-15 13:32] . 2014-07-11 c:\windows\Tasks\FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36}.job - c:\program files\V-bates\PrefHelper.exe [2014-04-15 13:32] . 
2014-07-11 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job - c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-11 15:16] . 2014-05-11 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job - c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-11 15:16] . 2014-07-11 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-17 13:41] . 2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-01 11:16] . 2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-01 11:16] . 2014-07-11 c:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job - c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-06-11 17:26] . 2014-07-11 c:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job - c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-06-11 17:26] . 2014-07-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job - c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33] . 2014-06-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job - c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-04-30 16:55 340640 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE64.dll" [2014-06-16 1997120] . [HKEY_CLASSES_ROOT\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6962720] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://speedial.com/?f=1&a=spd_cmi_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyEtD0F0FyDzztGyEyDyCyEtGtB0AyD0AtGzyzztCtAtGtBtAyC0D0F0ByD0EyC0ByC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=152376170&ir= mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C&q={searchTerms} mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396983950&from=tugs&uid=3219913727_67191_A449BC1C&q={searchTerms} mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5C97GjXn1WpZ8nmVy1X5L434aDZ1DYHciMR7xDaT0XQVO9jVD1tI8oigqz6SS7AaGVKu6Q001nhymEycOvFS34kAiVhtFCkN9w0eczA3sLlyUT5FAxqXD2xWE9jZCG3Grq-LqvjzI1ayVEZ01qtcM9A,&q={searchTerms} IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - c:\users\Helweg\AppData\Roaming\Slick Savings\Coupons.dll BHO-{d7356335-81bf-4769-bfbd-2e2889138641} - c:\program files (x86)\ConstaSurf\82EB132D-0662-4EC3-AA83-8E64F1863962.dll Toolbar-{3004627E-F8E9-4E8B-909D-316753CBA923} - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-AnyProtect Scanner - c:\program files (x86)\AnyProtectEx\AnyProtect.exe Wow6432Node-HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe SafeBoot-CleanHlp SafeBoot-CleanHlp.sys SafeBoot-WudfPf SafeBoot-WudfRd WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) AddRemove-9A08C510-8505-2B66-CAC9-1B6A5774EBB0 - c:\program files (x86)\BlockAndSurf-soft\Uninstall.exe AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe AddRemove-{3A787631-66A2-4634-B928-A37E73B58FB6} - c:\users\Helweg\AppData\Roaming\Slick Savings\uninstall.exe AddRemove-Funmoods - c:\users\Helweg\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2287802022-4268522758-2682476950-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:2d,14,55,8b,bf,cf,2c,ba,fb,ba,3c,8f,f5,d3,12,93,07,c1,f2,b4,cb,d3,5b, a0,26,2b,6c,09,24,bf,05,87,f5,40,2b,8c,c1,e8,71,e5,d5,83,00,54,da,10,4a,ee,\ "??"=hex:6c,33,8b,aa,4e,0f,b1,49,79,b4,8c,98,2d,f4,f8,11 . [HKEY_USERS\S-1-5-21-2287802022-4268522758-2682476950-1000\Software\SecuROM\License information*] "datasecu"=hex:4f,7d,43,26,91,14,ec,e8,c2,07,d2,dc,d7,2e,0f,4b,72,51,06,ee,51, de,43,2a,d1,dc,09,99,2a,68,06,80,5b,fd,89,64,d7,9c,0c,97,53,09,49,88,0b,be,\ "rkeysecu"=hex:cd,cb,32,8e,b6,b7,b8,57,89,f1,31,ba,31,c9,77,be . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2207566~31bf3856ad364e35~amd64~~6.0.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000007 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2541763~31bf3856ad364e35~amd64~~6.0.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000007 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2803821~31bf3856ad364e35~amd64~~6.0.1.3] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2832412~31bf3856ad364e35~amd64~~6.0.1.2] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2833947~31bf3856ad364e35~amd64~~6.0.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2834886~31bf3856ad364e35~amd64~~6.0.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2835361~31bf3856ad364e35~amd64~~6.0.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2835364~31bf3856ad364e35~amd64~~6.0.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2844287~31bf3856ad364e35~amd64~~6.0.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2845187~31bf3856ad364e35~amd64~~6.0.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2846071~31bf3856ad364e35~amd64~~9.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2850851~31bf3856ad364e35~amd64~~6.0.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB971737~31bf3856ad364e35~amd64~~6.0.1.3] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000007 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB975467~31bf3856ad364e35~amd64~~6.0.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000007 "CurrentState"=dword:00000007 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . 
------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe c:\program files (x86)\Avira\AntiVir Desktop\sched.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe c:\program files (x86)\CDBurnerXP\NMSAccessU.exe c:\users\Helweg\AppData\Roaming\VOPackage\VOsrv.exe c:\program files (x86)\Canon\CAL\CALMAIN.exe c:\program files (x86)\avira\antivir desktop\ipmGui.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-07-11 12:25:10 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-07-11 10:25 . Vor Suchlauf: 3.365.052.416 Bytes frei Nach Suchlauf: 4.770.557.952 Bytes frei . - - End Of File - - 9B6A8D748FF577D09CB7305F154D06A7 5C616939100B85E558DA92B899A0FC36 |
11.07.2014, 15:45 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista => Windows Version Installer Remove adware/junkware/toolbars Step 1: AdwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
12.07.2014, 09:55 | #9 |
| Windows Vista => Windows Version Installer adw Cleaner LOG: Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 11/07/2014 um 18:59:16 # Aktualisiert 09/07/2014 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzername : Helweg - HELWEG-PC # Gestartet von : C:\Users\Helweg\Desktop\adwcleaner_3.215.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : BlockAndSurf [#] Dienst Gelöscht : globalUpdatem [#] Dienst Gelöscht : PirritDesktop [#] Dienst Gelöscht : PirritUpdater [#] Dienst Gelöscht : pricemeterliveUpdate [#] Dienst Gelöscht : pricemeterliveUpdatem [#] Dienst Gelöscht : RegFltrX64 Dienst Gelöscht : vosr ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar [!] Ordner Gelöscht : C:\ProgramData\IObit\Driver Booster [!] Ordner Gelöscht : C:\ProgramData\NCH Software [!] Ordner Gelöscht : C:\ProgramData\PriceMeterLiveUpdate [!] Ordner Gelöscht : C:\ProgramData\Tarma Installer [!] Ordner Gelöscht : C:\ProgramData\Uniblue [!] Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner [!] Ordner Gelöscht : C:\Program Files (x86)\BlockAndSurf-soft [!] Ordner Gelöscht : C:\Program Files (x86)\ConstaSurf [!] Ordner Gelöscht : C:\Program Files (x86)\globalUpdate [!] Ordner Gelöscht : C:\Program Files (x86)\IObit Apps Toolbar [!] Ordner Gelöscht : C:\Program Files (x86)\IObit\Driver Booster [!] Ordner Gelöscht : C:\Program Files (x86)\MediaPlayerplus [!] Ordner Gelöscht : C:\Program Files (x86)\Pirrit [!] Ordner Gelöscht : C:\Program Files (x86)\PriceMeterLiveUpdate [!] Ordner Gelöscht : C:\Program Files (x86)\Speedial [!] Ordner Gelöscht : C:\Program Files (x86)\webget [!] Ordner Gelöscht : C:\Program Files (x86)\WinRST [!] Ordner Gelöscht : C:\Windows\SysWOW64\Browser Manager [!] Ordner Gelöscht : C:\Program Files\V-bates [!] Ordner Gelöscht : C:\Users\Frank\AppData\LocalLow\AskToolbar [!] Ordner Gelöscht : C:\Users\Frank\AppData\LocalLow\Conduit [!] Ordner Gelöscht : C:\Users\Frank\AppData\LocalLow\ConduitEngine [!] 
Ordner Gelöscht : C:\Users\Frank\AppData\LocalLow\Dealio [!] Ordner Gelöscht : C:\Users\Frank\AppData\LocalLow\Delta [!] Ordner Gelöscht : C:\Users\Frank\AppData\LocalLow\IncrediMail_MediaBar_2 [!] Ordner Gelöscht : C:\Users\Frank\AppData\LocalLow\PriceGong [!] Ordner Gelöscht : C:\Users\Frank\AppData\LocalLow\Search Settings [!] Ordner Gelöscht : C:\Users\Guido\AppData\LocalLow\Conduit [!] Ordner Gelöscht : C:\Users\Guido\AppData\LocalLow\ConduitEngine [!] Ordner Gelöscht : C:\Users\Guido\AppData\LocalLow\Dealio [!] Ordner Gelöscht : C:\Users\Guido\AppData\LocalLow\IncrediMail_MediaBar_2 [!] Ordner Gelöscht : C:\Users\Guido\AppData\LocalLow\PriceGong [!] Ordner Gelöscht : C:\Users\Guido\AppData\LocalLow\Search Settings [!] Ordner Gelöscht : C:\Users\Guido\AppData\LocalLow\SweetIM [!] Ordner Gelöscht : C:\Users\Guido\AppData\Roaming\NCH Software [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Local\globalUpdate [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Local\PackageAware [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Local\PriceMeter [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Local\PriceMeterLiveUpdate [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Local\WinRST [!] Ordner Gelöscht : C:\Users\Helweg\AppData\LocalLow\BabylonToolbar [!] Ordner Gelöscht : C:\Users\Helweg\AppData\LocalLow\Conduit [!] Ordner Gelöscht : C:\Users\Helweg\AppData\LocalLow\Mysearchdial [!] Ordner Gelöscht : C:\Users\Helweg\AppData\LocalLow\PriceGong [!] Ordner Gelöscht : C:\Users\Helweg\AppData\LocalLow\Search Settings [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\IObit\Driver Booster [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Pirrit [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\SpeedanAlysis [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Speedial [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\VOPackage [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter [!] 
Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage [!] Ordner Gelöscht : C:\Users\Helweg\Documents\PC Speed Maximizer [!] Ordner Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\ICQToolbarData [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\ConduitCommon [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\ICQToolbarData [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\SweetIMToolbarData [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\CT2724386 [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07} [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\vshare@toolbar [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} [!] Ordner Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [!] Ordner Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon [!] 
Ordner Gelöscht : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [!] Ordner Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [!] Ordner Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [!] Ordner Gelöscht : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [!] Ordner Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [!] Ordner Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [!] Ordner Gelöscht : C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [!] Ordner Gelöscht : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [!] 
Ordner Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\dealio@mybrowserbar.com Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\wtxpcom@mybrowserbar.com Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk Datei Gelöscht : C:\Users\Helweg\AppData\Local\funmoods.crx Datei Gelöscht : C:\Users\Helweg\AppData\Local\speedial.crx Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\aps.uninstall.scan.results Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\invalidprefs.js Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\browsemngr.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\delta.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-1.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-1.xml Datei Gelöscht : 
C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-10.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-10.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-11.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-11.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-12.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-12.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-13.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-14.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-15.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-16.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-17.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-18.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-19.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-2.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-2.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-20.xml Datei Gelöscht : 
C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-21.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-22.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-23.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-24.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-25.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-3.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-3.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-4.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-4.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-5.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-5.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-6.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-6.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-7.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-7.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-8.xml Datei Gelöscht : 
C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-8.xml Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\searchplugins\icqplugin-9.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-9.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\MyStart Search.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\Startsear.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\SweetIm.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\web-search.xml Datei Gelöscht : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\user.js Datei Gelöscht : C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx Datei Gelöscht : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage Datei Gelöscht : 
C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job Datei Gelöscht : C:\Windows\System32\Tasks\pricemeterdownloader Datei Gelöscht : C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job Datei Gelöscht : C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore Datei Gelöscht : C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job Datei Gelöscht : C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA Datei Gelöscht : C:\Windows\Tasks\FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13}.job Datei Gelöscht : C:\Windows\System32\Tasks\FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13} Datei Gelöscht : C:\Windows\Tasks\FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36}.job Datei Gelöscht : C:\Windows\System32\Tasks\FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36} ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com] Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon Schlüssel Gelöscht : 
HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1 Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Schlüssel Gelöscht : 
HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 Schlüssel Gelöscht : HKCU\Software\a2dad0e66fed12 Schlüssel Gelöscht : HKLM\SOFTWARE\a2dad0e66fed12 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D7356335-81BF-4769-BFBD-2E2889138641} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41E2BE59-5C34-46AB-B743-6678BC94F42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4E15-963D-DC8493744B1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7356335-81BF-4769-BFBD-2E2889138641} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{BE9654C9-9D79-42EC-B55A-3CAEB12DBF58} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gelöscht : 
[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\AnyProtect Schlüssel Gelöscht : HKCU\Software\ConstaSurf Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\performersoft llc Schlüssel Gelöscht : HKCU\Software\Pirrit Schlüssel Gelöscht : HKCU\Software\PriceMeterLiveUpdate Schlüssel Gelöscht : HKCU\Software\SearchProtectINT Schlüssel Gelöscht : HKCU\Software\Speedial Schlüssel Gelöscht : HKCU\Software\vShare.tv Schlüssel Gelöscht : HKCU\Software\webget Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blockAndSurf Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\Application Updater Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\ConstaSurf Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\DealPlyLive Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKLM\Software\ImInstaller Schlüssel Gelöscht : HKLM\Software\InstallCore Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions Schlüssel Gelöscht : HKLM\Software\MediaPlayerplus Schlüssel Gelöscht : HKLM\Software\Pirrit Schlüssel Gelöscht : HKLM\Software\PriceMeterLiveUpdate Schlüssel Gelöscht : HKLM\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\SearchProtect Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : 
HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerplus Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speedial Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3A787631-66A2-4634-B928-A37E73B58FB6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ConstaSurf Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MediaPlayerplus Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Speedial Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\webssearches uninstaller Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Pirrit Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConstaSurf Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16561 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v [ Datei : 
C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\huwpm4ae.default\prefs.js ] Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false); Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false); Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options"); Zeile gelöscht : user_pref("icqtoolbar.history", "lb.de||wikibooks||illuminaten%202.2.20.13.19.5.10.12.19.5.10.12.17.8.4.v.18.13.4.8.19.5.10.12.2.2.20.13.4.8.17.9.2.2.20.13.||illuminaten%20codes2.2.20.13.19.5.10.12.19[...] Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0); Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.0.19"); Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no"); Zeile gelöscht : user_pref("icqtoolbar.suggestions", false); Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "123748344112374834381237483441439"); Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1277895211); Zeile gelöscht : user_pref("icqtoolbar.version", "1.1.4"); Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false); Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de"); [ Datei : C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\prefs.js ] Zeile gelöscht : user_pref("CT2724386..clientLogIsEnabled", false); Zeile gelöscht : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Zeile gelöscht : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Zeile gelöscht : user_pref("CT2724386.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Zeile gelöscht : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Zeile gelöscht : user_pref("CT2724386.BrowserCompStateIsOpen_129464706887642629", true); Zeile gelöscht : user_pref("CT2724386.BrowserCompStateIsOpen_129723002078767475", true); Zeile gelöscht : 
user_pref("CT2724386.BrowserCompStateIsOpen_129847484031223416", true); Zeile gelöscht : user_pref("CT2724386.BrowserCompStateIsOpen_129851871904280954", true); Zeile gelöscht : user_pref("CT2724386.BrowserCompStateIsOpen_129904362604336829", true); Zeile gelöscht : user_pref("CT2724386.BrowserCompStateIsOpen_129992833759124499", true); Zeile gelöscht : user_pref("CT2724386.BrowserCompStateIsOpen_130040906678978474", true); Zeile gelöscht : user_pref("CT2724386.CT2724386", "CT2724386"); Zeile gelöscht : user_pref("CT2724386.CurrentServerDate", "21-2-2013"); Zeile gelöscht : user_pref("CT2724386.DSInstall", false); Zeile gelöscht : user_pref("CT2724386.DialogsAlignMode", "LTR"); Zeile gelöscht : user_pref("CT2724386.DialogsGetterLastCheckTime", "Mon Feb 18 2013 18:28:24 GMT+0100"); Zeile gelöscht : user_pref("CT2724386.DownloadReferralCookieData", ""); Zeile gelöscht : user_pref("CT2724386.FirstServerDate", "26-4-2012"); Zeile gelöscht : user_pref("CT2724386.FirstTime", true); Zeile gelöscht : user_pref("CT2724386.FirstTimeFF3", true); Zeile gelöscht : user_pref("CT2724386.FirstTimeHiddenVer", true); Zeile gelöscht : user_pref("CT2724386.FixPageNotFoundErrors", true); Zeile gelöscht : user_pref("CT2724386.GroupingServerCheckInterval", 1440); Zeile gelöscht : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Zeile gelöscht : user_pref("CT2724386.HPInstall", false); Zeile gelöscht : user_pref("CT2724386.HasUserGlobalKeys", true); Zeile gelöscht : user_pref("CT2724386.Initialize", true); Zeile gelöscht : user_pref("CT2724386.InitializeCommonPrefs", true); Zeile gelöscht : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3); Zeile gelöscht : user_pref("CT2724386.InstallationType", "Unknown"); Zeile gelöscht : user_pref("CT2724386.InstalledDate", "Thu Apr 26 2012 10:52:42 GMT+0200"); Zeile gelöscht : user_pref("CT2724386.IsGrouping", false); Zeile gelöscht : user_pref("CT2724386.IsInitSetupIni", true); Zeile gelöscht : 
user_pref("CT2724386.IsMulticommunity", false); Zeile gelöscht : user_pref("CT2724386.IsOpenThankYouPage", true); Zeile gelöscht : user_pref("CT2724386.IsOpenUninstallPage", true); Zeile gelöscht : user_pref("CT2724386.LanguagePackLastCheckTime", "Thu Feb 21 2013 15:58:45 GMT+0100"); Zeile gelöscht : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440); Zeile gelöscht : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); Zeile gelöscht : user_pref("CT2724386.LastLogin_3.12.2.3", "Wed May 30 2012 19:05:06 GMT+0200"); Zeile gelöscht : user_pref("CT2724386.LastLogin_3.13.0.6", "Mon Jul 16 2012 20:42:04 GMT+0200"); Zeile gelöscht : user_pref("CT2724386.LastLogin_3.14.1.0", "Fri Aug 24 2012 10:49:21 GMT+0200"); Zeile gelöscht : user_pref("CT2724386.LastLogin_3.15.1.0", "Mon Nov 12 2012 20:22:10 GMT+0100"); Zeile gelöscht : user_pref("CT2724386.LastLogin_3.16.0.3", "Wed Feb 13 2013 21:16:16 GMT+0100"); Zeile gelöscht : user_pref("CT2724386.LastLogin_3.18.0.7", "Thu Feb 21 2013 15:58:45 GMT+0100"); Zeile gelöscht : user_pref("CT2724386.LatestVersion", "3.18.0.7"); Zeile gelöscht : user_pref("CT2724386.Locale", "en"); Zeile gelöscht : user_pref("CT2724386.MCDetectTooltipHeight", "83"); Zeile gelöscht : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Zeile gelöscht : user_pref("CT2724386.MCDetectTooltipWidth", "295"); Zeile gelöscht : user_pref("CT2724386.MyStuffEnabledAtInstallation", true); Zeile gelöscht : user_pref("CT2724386.OriginalFirstVersion", "3.12.2.3"); Zeile gelöscht : user_pref("CT2724386.SearchCaption", "IncrediMail MediaBar 2 Customized Web Search"); Zeile gelöscht : user_pref("CT2724386.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724386&q="); Zeile gelöscht : user_pref("CT2724386.SearchInNewTabEnabled", true); Zeile gelöscht : 
user_pref("CT2724386.SearchInNewTabIntervalMM", 1440); Zeile gelöscht : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Thu Feb 21 2013 15:58:43 GMT+0100"); Zeile gelöscht : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"); Zeile gelöscht : user_pref("CT2724386.SendProtectorDataViaLogin", true); Zeile gelöscht : user_pref("CT2724386.ServiceMapLastCheckTime", "Thu Feb 21 2013 15:58:44 GMT+0100"); Zeile gelöscht : user_pref("CT2724386.SettingsLastCheckTime", "Thu Feb 21 2013 15:58:43 GMT+0100"); Zeile gelöscht : user_pref("CT2724386.SettingsLastUpdate", "1361454844"); Zeile gelöscht : user_pref("CT2724386.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2724386&SearchSource=13"); Zeile gelöscht : user_pref("CT2724386.ToolbarShrinkedFromSetup", false); Zeile gelöscht : user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724386"); Zeile gelöscht : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...] Zeile gelöscht : user_pref("CT2724386.UserID", "UN46815488226572825"); Zeile gelöscht : user_pref("CT2724386.alertChannelId", "1116652"); Zeile gelöscht : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...] 
Zeile gelöscht : user_pref("CT2724386.homepageProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2724386.initDone", true); Zeile gelöscht : user_pref("CT2724386.myStuffEnabled", true); Zeile gelöscht : user_pref("CT2724386.myStuffPublihserMinWidth", 400); Zeile gelöscht : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); Zeile gelöscht : user_pref("CT2724386.myStuffServiceIntervalMM", 1440); Zeile gelöscht : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); Zeile gelöscht : user_pref("CT2724386.navigateToUrlOnSearch", false); Zeile gelöscht : user_pref("CT2724386.revertSettingsEnabled", false); Zeile gelöscht : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10); Zeile gelöscht : user_pref("CT2724386.searchProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2724386.testingCtid", ""); Zeile gelöscht : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Thu Feb 21 2013 15:58:45 GMT+0100"); Zeile gelöscht : user_pref("CT2724386.usagesFlag", 2); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2724386/CT2724386", "\"e597978f9732adb0b775f9b3fa9b6c5f3\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", "\"1359617068\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\""); Zeile gelöscht : 
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386", "\"ccd90dbc0806c30e56e17c4594b38942\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"90a6f50158fc69d971d4e5b58046cce2\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f8fa53c00cf49b2afaeb2f3990184a99\""); Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p="); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2724386"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2724386"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2724386"); Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "723e5932-9b9a-43af-8569-73530cc6eab1"); Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false); Zeile gelöscht : 
user_pref("extensions.BabylonToolbar.id", "a449bc1c000000000000002421113cb2"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15662"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a449bc1c000000000000002421113cb2&q="); Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=115935&tt=4612_6&babsrc=NT_ss&mntrId=a449bc1c000000000000002421113cb2"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:49:04"); Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p="); Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr%40funmoods.com:1.5.1,vshare%40toolbar:2.0.0,%7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21,%7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0,toolbar%40web.[...] 
Zeile gelöscht : user_pref("extensions.funmoods.aflt", "dpg"); Zeile gelöscht : user_pref("extensions.funmoods.autoRvrt", false); Zeile gelöscht : user_pref("extensions.funmoods.dfltLng", ""); Zeile gelöscht : user_pref("extensions.funmoods.dfltSrch", false); Zeile gelöscht : user_pref("extensions.funmoods.dnsErr", true); Zeile gelöscht : user_pref("extensions.funmoods.envrmnt", "production"); Zeile gelöscht : user_pref("extensions.funmoods.excTlbr", true); Zeile gelöscht : user_pref("extensions.funmoods.fmupdtFirst", false); Zeile gelöscht : user_pref("extensions.funmoods.hmpg", false); Zeile gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=dpg&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=317201033"); Zeile gelöscht : user_pref("extensions.funmoods.id", "002421113CB2BC1C"); Zeile gelöscht : user_pref("extensions.funmoods.instlDay", "15562"); Zeile gelöscht : user_pref("extensions.funmoods.instlRef", ""); Zeile gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true); Zeile gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2219:34:25"); Zeile gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Zeile gelöscht : user_pref("extensions.funmoods.newTab", false); Zeile gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=dpg&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=317201033"); Zeile gelöscht : user_pref("extensions.funmoods.prdct", "funmoods"); Zeile gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods"); Zeile gelöscht : user_pref("extensions.funmoods.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Search"); Zeile gelöscht : user_pref("extensions.funmoods.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", 
"hxxp://searchfunmoods.com/?f=3&a=dpg&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=317201033&q=")[...] Zeile gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Zeile gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2219:34:25"); Zeile gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Zeile gelöscht : user_pref("extensions.funmoods_i.newTab", false); Zeile gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:34:25"); Zeile gelöscht : user_pref("vshare.install.date", "1346679180"); Zeile gelöscht : user_pref("vshare.install.finished", "2.0.0"); Zeile gelöscht : user_pref("vshare.install.fresh", "false"); Zeile gelöscht : user_pref("vshare.install.guid", "{bad5f489-2835-458d-9c90-65340a979f73}"); Zeile gelöscht : user_pref("vshare.install.isHidden", true); Zeile gelöscht : user_pref("vshare.install.laststatreq", "1361404800000"); Zeile gelöscht : user_pref("vshare.install.newtab", false); Zeile gelöscht : user_pref("vshare.install.overlayVersion", 1); -\\ Google Chrome v35.0.1916.153 [ Datei : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=115935&tt=4612_6&babsrc=SP_ss&mntrId=a449bc1c000000000000002421113cb2 Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1599400136544547&q={searchTerms} Gelöscht [Search Provider] : 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DtB0AtAyD0E0EtGtC0AtAyEtG0FtC0ByCtG0F0BzztBtGyC0D0B0DtDzz0C0CzyyByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=429708093&ir= Gelöscht [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyEtD0F0FyDzztGyEyDyCyEtGtB0AyD0AtGzyzztCtAtGtBtAyC0D0F0ByD0EyC0ByC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=152376170&ir= Gelöscht [Homepage] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5C97GjXn1WpZ8nmVy1X5L434aDZ1DYHciMR7xDaT0XQVO9jVD1tI8oigqz6SS7AaGV6F1x2sWxaSPAls1QXEPUZrX3XGWfnxeE2qgpFCtS5J9ABal_971kASD7rTwjrkS2MPVIjCWlqZP2hRV39xqQ,, Gelöscht [Extension] : bakijjialdiiboeaknfpmflphhmljfkd Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb Gelöscht [Extension] : hbcennhacfaagdopikcegfcobcadeocj Gelöscht [Extension] : pfndaklgolladniicklehhancnlgocpp Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl Gelöscht [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj [ Datei : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://search.icq.com/search/results/?q={searchTerms}&ch_id=icq-fx-plug Gelöscht [Search Provider] : hxxp://www.bild.de/kddb/cms/websearch.do?site=bto&query={searchTerms} Gelöscht [Search Provider] : 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DtB0AtAyD0E0EtGtC0AtAyEtG0FtC0ByCtG0F0BzztBtGyC0D0B0DtDzz0C0CzyyByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=429708093&ir= Gelöscht [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyEtD0F0FyDzztGyEyDyCyEtGtB0AyD0AtGzyzztCtAtGtBtAyC0D0F0ByD0EyC0ByC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=152376170&ir= Gelöscht [Homepage] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5C97GjXn1WpZ8nmVy1X5L434aDZ1DYHciMR7xDaT0XQVO9jVD1tI8oigqz6SS7AaGV6F1x2sWxaSPAls1QXEPUZrX3XGWfnxeE2qgpFCtS5J9ABal_971kASD7rTwjrkS2MPVIjCWlqZP2hRV39xqQ,, Gelöscht [Extension] : iagcajndpnfncplednpbnkahadegklfa Gelöscht [Extension] : bakijjialdiiboeaknfpmflphhmljfkd Gelöscht [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk Gelöscht [Extension] : hbcennhacfaagdopikcegfcobcadeocj Gelöscht [Extension] : bbjciahceamgodcoidkjpchnokgfpphh Gelöscht [Extension] : pfndaklgolladniicklehhancnlgocpp Gelöscht [Extension] : cfcbmgbfdbijmjgjihagbomfbjfjmgon Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma Gelöscht [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj [ Datei : C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : bakijjialdiiboeaknfpmflphhmljfkd Gelöscht [Extension] : bbjciahceamgodcoidkjpchnokgfpphh Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl Gelöscht [Extension] : cfcbmgbfdbijmjgjihagbomfbjfjmgon Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb Gelöscht [Extension] : 
iagcajndpnfncplednpbnkahadegklfa
Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [59776 octets] - [11/07/2014 17:49:39]
AdwCleaner[S0].txt - [55598 octets] - [11/07/2014 18:59:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [55659 octets] ##########

Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows (TM) Vista Home Premium x64 Ran by Helweg on 11.07.2014 at 22:51:24,18 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2287802022-4268522758-2682476950-1000\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{13DD0DAB-E201-4CFE-9FFF-82D9607E48ED} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{13DD0DAB-E201-4CFE-9FFF-82D9607E48ED} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B02CF801-09A6-4D54-8304-7241DB4CA721} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B83FFEF7-264A-45BA-8862-3CDCC5F6509D} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CD8517E8-4747-4ABB-A56B-D2B728494DBB} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.07.2014 at 23:16:30,55 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Helweg (administrator) on HELWEG-PC on 12-07-2014 10:46:10
Running from C:\Users\Helweg\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Frank\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Dropbox, Inc.) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Fujitsu Siemens Computers GmbH) C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Fujitsu Siemens Computers GmbH) C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-06] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [EnergySettings] => C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe [113664 2008-09-19] (Fujitsu Siemens Computers GmbH)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-10] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-08-21] (Google Inc.)
HKU\S-1-5-21-2287802022-4268522758-2682476950-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-2287802022-4268522758-2682476950-1004\...\Run: [Spotify] => C:\Users\Frank\AppData\Roaming\Spotify\Spotify.exe [4480920 2013-03-25] ()
HKU\S-1-5-21-2287802022-4268522758-2682476950-1004\...\Run: [Spotify Web Helper] => C:\Users\Frank\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104280 2013-03-25] (Spotify Ltd)
HKU\S-1-5-21-2287802022-4268522758-2682476950-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] ()
HKU\S-1-5-21-2287802022-4268522758-2682476950-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-2287802022-4268522758-2682476950-1004\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2287802022-4268522758-2682476950-1004\...\MountPoints2: {b3056f58-f81e-11dd-b4d8-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2287802022-4268522758-2682476950-1005\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0CA5C2A4-FC7B-42AC-B2BE-F76A4326CE57} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyEtD0F0FyDzztGyEyDyCyEtGtB0AyD0AtGzyzztCtAtGtBtAyC0D0F0ByD0EyC0ByC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=152376170&ir= SearchScopes: HKCU - {B02CF801-09A6-4D54-8304-7241DB4CA721} URL = SearchScopes: HKCU - {B83FFEF7-264A-45BA-8862-3CDCC5F6509D} URL = SearchScopes: HKCU - {CD8517E8-4747-4ABB-A56B-D2B728494DBB} URL = BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files 
(x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=114576&ilc=12&p= FF NewTab: about:newtab FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 - C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll No File FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-26.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-27.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-28.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\yahoo_ff.xml FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\ascsurfingprotection@iobit.com [2014-04-18] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-19] FF Extension: Greasemonkey - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2013-01-26] FF Extension: WEB.DE MailCheck - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\toolbar@web.de.xpi [2011-12-22] FF Extension: vshare Add-On - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-17] FF Extension: Greasemonkey - 
C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-04] FF HKCU\...\Firefox\Extensions: [{265EBC63-A567-27EE-3841-675D6F8D29FC}] - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi Chrome: ======= CHR HomePage: hxxp://google.de/ CHR StartupUrls: "https://www.google.com/" CHR Extension: (Google Wallet) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-10] (Emsisoft GmbH) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed] S2 gupdate1c9b2bb5d066bbd; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-04-01] (Google Inc.) 
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] () R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.) R2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] () S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed] S2 04bf3f87162335f.exe; C:\Users\Frank\AppData\Local\98c84aee297705211cc76b32a059f9a2\04bf3f87162335f.exe [X] S2 500846993a1f840578b6d445a5a24d51.exe; C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51\500846993a1f840578b6d445a5a24d51.exe [X] S2 eaa8b969887a12a.exe; C:\Users\Frank\AppData\Local\bfe77b92df5c1641fd95342b38cd3be4\eaa8b969887a12a.exe [X] S2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [X] ==================== Drivers (Whitelisted) ==================== R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) [File not signed] R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) [File not signed] R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) [File not signed] R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) [File not signed] R0 Achernar; C:\Windows\System32\Drivers\Achernar.sys [34104 2009-04-05] (NewSoft Technology Corporation) R0 Achernar; C:\Windows\SysWOW64\Drivers\Achernar.sys [18432 2007-02-05] (NewSoft Technology Corporation) [File not signed] U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation) R2 avgntflt; 
C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG) S1 Beep; No ImagePath R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) [File not signed] S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed] S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed] S3 TIEHDUSB; C:\Windows\System32\DRIVERS\tiehdusb.sys [128512 2009-09-03] (Texas Instruments) [File not signed] R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}t64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys [60096 2014-06-11] (StdLib) R1 {bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64; C:\Windows\System32\drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys [60096 2014-06-30] (StdLib) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Helweg\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-12 10:45 - 2014-07-12 10:45 - 00000000 ____D () C:\Users\Helweg\Desktop\FRST-OlderVersion 2014-07-11 23:16 - 2014-07-11 23:16 - 00001845 _____ () C:\Users\Helweg\Desktop\JRT.txt 2014-07-11 22:51 - 2014-07-11 22:51 - 00000000 ____D () C:\Windows\ERUNT 2014-07-11 22:50 - 2014-07-11 22:50 - 01016261 _____ (Thisisu) C:\Users\Helweg\Desktop\JRT.exe 2014-07-11 17:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-11 17:49 - 2014-07-11 
19:52 - 00000000 ____D () C:\AdwCleaner 2014-07-11 17:46 - 2014-07-11 17:46 - 01348263 _____ () C:\Users\Helweg\Desktop\adwcleaner_3.215.exe 2014-07-11 12:25 - 2014-07-11 12:25 - 00027990 _____ () C:\ComboFix.txt 2014-07-11 11:44 - 2014-07-11 12:25 - 00000000 ____D () C:\Qoobox 2014-07-11 11:44 - 2014-07-11 12:25 - 00000000 ____D () C:\ComboFix 2014-07-11 11:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-07-11 11:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-07-11 11:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-07-11 11:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-07-11 11:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-07-11 11:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-07-11 11:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-07-11 11:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-07-11 11:43 - 2014-07-11 12:23 - 00000000 ____D () C:\Windows\erdnt 2014-07-11 11:43 - 2014-07-11 11:43 - 05218032 ____R (Swearware) C:\Users\Helweg\Desktop\ComboFix.exe 2014-07-11 11:42 - 2014-07-11 11:43 - 05218032 _____ (Swearware) C:\Users\Helweg\Downloads\ComboFix.exe 2014-07-10 20:57 - 2014-07-10 20:57 - 00001547 _____ () C:\Users\Helweg\Downloads\folder_fix_w7.zip 2014-07-10 20:57 - 2014-07-10 20:57 - 00001547 _____ () C:\Users\Helweg\Downloads\folder_fix_w7 (1).zip 2014-07-10 20:11 - 2014-07-10 20:40 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe 2014-07-10 20:11 - 2014-07-10 20:40 - 00000288 _____ () C:\Windows\system32\eamclean.dat 2014-07-10 19:47 - 2014-07-10 19:47 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-10 10:32 - 2014-07-10 10:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (3).exe 2014-07-10 10:32 - 2014-07-10 10:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 
(2).exe 2014-07-10 10:08 - 2014-07-10 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-10 10:07 - 2014-07-12 10:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-07-10 10:07 - 2014-07-10 10:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-10 10:03 - 2014-07-10 10:05 - 235258152 _____ (Emsisoft GmbH ) C:\Users\Helweg\Downloads\EmsisoftAntiMalwareSetup-9.0.4142.exe 2014-07-10 09:58 - 2014-07-10 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 09:56 - 2014-07-10 09:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-10 09:56 - 2014-07-10 09:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-07-10 01:07 - 2014-06-07 06:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-10 01:07 - 2014-06-07 05:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-10 01:07 - 2014-06-07 04:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-10 01:07 - 2014-06-07 04:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-10 01:07 - 2014-06-07 04:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-10 01:07 - 2014-06-07 04:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-10 01:07 - 2014-06-07 04:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-10 01:07 - 2014-06-07 04:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-10 01:07 - 2014-06-07 04:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-10 01:07 - 2014-06-07 04:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-10 01:07 - 2014-06-07 04:45 - 00173056 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-07-10 01:07 - 2014-06-07 04:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-10 01:07 - 2014-06-07 04:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-10 01:07 - 2014-06-07 04:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-10 01:07 - 2014-06-07 04:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-10 01:07 - 2014-06-07 04:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-10 01:07 - 2014-06-07 04:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-07-10 01:07 - 2014-06-07 04:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-07-10 01:07 - 2014-06-07 04:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-10 01:07 - 2014-06-07 04:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-07-10 01:07 - 2014-06-07 04:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-10 01:07 - 2014-06-07 02:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-10 01:07 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-10 01:07 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-10 01:07 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-10 01:07 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-10 01:07 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-10 01:07 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-10 01:07 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 
2014-07-10 01:07 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-10 01:07 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-10 01:07 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-07-10 01:07 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-10 01:07 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-10 01:07 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-10 01:07 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-10 01:07 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-07-10 01:07 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-10 01:07 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-10 01:07 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-07-10 01:07 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-10 01:07 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-07-10 01:07 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-10 01:07 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-10 01:07 - 2014-06-06 09:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-10 01:07 - 2014-05-30 09:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-08 17:50 - 2014-07-08 17:51 - 00030440 _____ () C:\Users\Helweg\Desktop\Addition.txt 2014-07-08 17:43 - 2014-07-12 10:46 - 00020938 
_____ () C:\Users\Helweg\Desktop\FRST.txt 2014-07-08 17:42 - 2014-07-12 10:46 - 00000000 ____D () C:\FRST 2014-07-08 17:42 - 2014-07-12 10:45 - 02084864 _____ (Farbar) C:\Users\Helweg\Desktop\FRST64.exe 2014-07-08 17:41 - 2014-07-08 17:41 - 02084352 _____ (Farbar) C:\Users\Helweg\Downloads\FRST64.exe 2014-07-08 15:18 - 2014-07-08 15:18 - 00000000 _____ () C:\autoexec.bat 2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-08 15:16 - 2014-07-10 10:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-07-08 15:07 - 2014-07-08 15:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Helweg\Downloads\sh-remover.exe 2014-07-08 14:14 - 2014-07-08 14:14 - 00822448 _____ (Reimage®) C:\Users\Helweg\Downloads\ReimageRepair.exe 2014-07-08 13:35 - 2014-07-11 22:29 - 00160436 _____ () C:\Windows\PFRO.log 2014-07-08 13:17 - 2014-07-08 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-08 13:06 - 2014-07-08 13:08 - 141865920 _____ () C:\Users\Helweg\Downloads\avira_free_antivirus45_de.exe 2014-07-04 03:04 - 2014-07-04 03:04 - 00849408 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI553C.txt 2014-07-03 18:20 - 2014-07-03 18:20 - 00001638 _____ () C:\Users\Public\Desktop\Defraggler.lnk 2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler 2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\Program Files\Defraggler 2014-07-03 18:19 - 2014-07-03 18:19 - 04362512 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\dfsetup218.exe 2014-07-03 17:52 - 2014-07-03 17:52 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-07-03 17:51 - 2014-07-03 17:52 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-03 17:51 - 2014-07-03 17:51 - 00000736 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-03 17:51 - 2014-07-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\CCleaner 2014-07-03 17:47 - 2014-07-03 17:48 - 03736040 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\ccsetup415_slim.exe 2014-07-03 16:47 - 2014-07-03 16:49 - 04211448 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_x64_MSI7CD9.txt 2014-07-03 16:37 - 2014-07-03 16:49 - 00346038 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install.txt 2014-07-03 16:37 - 2014-07-03 16:49 - 00010576 _____ () C:\Users\Helweg\AppData\Local\setup.log 2014-07-03 16:37 - 2014-07-03 16:38 - 00184707 _____ () C:\Users\Helweg\AppData\Local\dd_depcheck_NETFX_EXP_35.txt 2014-07-03 16:37 - 2014-07-03 16:37 - 00872384 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_LangPack_MSI752F.txt 2014-07-03 16:37 - 2014-07-03 16:37 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error.txt 2014-07-03 16:36 - 2014-07-03 16:37 - 00156252 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install_lp.txt 2014-07-03 16:36 - 2014-07-03 16:36 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error_lp.txt 2014-06-30 22:47 - 2014-06-30 10:21 - 00060096 _____ (StdLib) C:\Windows\system32\Drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys 2014-06-28 12:29 - 2014-06-28 12:29 - 00000000 ____D () C:\Program Files (x86)\eDealsPop 2014-06-28 12:28 - 2014-07-10 20:09 - 00000000 ____D () C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51 2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (7).exe 2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (6).exe 2014-06-12 19:12 - 2014-06-11 14:53 - 00060096 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys ==================== One Month Modified Files and Folders ======= 2014-07-12 10:52 - 2014-07-08 17:43 - 00020938 _____ () C:\Users\Helweg\Desktop\FRST.txt 2014-07-12 10:46 - 2014-07-10 10:07 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-07-12 10:46 - 2014-07-08 
17:42 - 00000000 ____D () C:\FRST 2014-07-12 10:45 - 2014-07-12 10:45 - 00000000 ____D () C:\Users\Helweg\Desktop\FRST-OlderVersion 2014-07-12 10:45 - 2014-07-08 17:42 - 02084864 _____ (Farbar) C:\Users\Helweg\Desktop\FRST64.exe 2014-07-12 10:41 - 2013-12-28 01:40 - 00000292 _____ () C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job 2014-07-12 10:41 - 2009-06-30 12:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-12 10:40 - 2009-06-30 12:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-12 10:38 - 2009-04-01 13:12 - 00001064 _____ () C:\Windows\Tasks\Google Software Updater.job 2014-07-12 09:50 - 2013-01-07 20:10 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Dropbox 2014-07-12 09:49 - 2014-05-16 19:36 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\DropboxMaster 2014-07-12 09:49 - 2013-01-07 20:12 - 00000000 ___RD () C:\Users\Frank\Dropbox 2014-07-12 09:48 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-12 09:47 - 2009-01-26 12:49 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-12 09:47 - 2006-11-02 17:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-12 09:47 - 2006-11-02 17:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-12 09:46 - 2009-03-17 20:52 - 01785836 _____ () C:\Windows\WindowsUpdate.log 2014-07-12 09:46 - 2006-11-02 17:42 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-12 09:44 - 2011-05-21 13:57 - 00097832 _____ () C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-12 00:40 - 2013-12-28 01:40 - 00000300 _____ () C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job 2014-07-11 23:16 - 2014-07-11 23:16 - 00001845 _____ () C:\Users\Helweg\Desktop\JRT.txt 2014-07-11 22:51 - 2014-07-11 22:51 - 00000000 ____D () 
C:\Windows\ERUNT 2014-07-11 22:50 - 2014-07-11 22:50 - 01016261 _____ (Thisisu) C:\Users\Helweg\Desktop\JRT.exe 2014-07-11 22:29 - 2014-07-08 13:35 - 00160436 _____ () C:\Windows\PFRO.log 2014-07-11 22:29 - 2014-04-18 17:51 - 00000000 ____D () C:\Users\Helweg\AppData\Roaming\IObit 2014-07-11 22:29 - 2014-04-18 17:51 - 00000000 ____D () C:\ProgramData\IObit 2014-07-11 22:29 - 2014-04-18 17:51 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-07-11 19:52 - 2014-07-11 17:49 - 00000000 ____D () C:\AdwCleaner 2014-07-11 17:46 - 2014-07-11 17:46 - 01348263 _____ () C:\Users\Helweg\Desktop\adwcleaner_3.215.exe 2014-07-11 16:04 - 2013-02-22 13:27 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-07-11 12:25 - 2014-07-11 12:25 - 00027990 _____ () C:\ComboFix.txt 2014-07-11 12:25 - 2014-07-11 11:44 - 00000000 ____D () C:\Qoobox 2014-07-11 12:25 - 2014-07-11 11:44 - 00000000 ____D () C:\ComboFix 2014-07-11 12:25 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default 2014-07-11 12:23 - 2014-07-11 11:43 - 00000000 ____D () C:\Windows\erdnt 2014-07-11 12:17 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini 2014-07-11 11:43 - 2014-07-11 11:43 - 05218032 ____R (Swearware) C:\Users\Helweg\Desktop\ComboFix.exe 2014-07-11 11:43 - 2014-07-11 11:42 - 05218032 _____ (Swearware) C:\Users\Helweg\Downloads\ComboFix.exe 2014-07-10 21:02 - 2011-07-04 00:04 - 00000000 ____D () C:\Users\Helweg\AppData\Local\CrashDumps 2014-07-10 20:57 - 2014-07-10 20:57 - 00001547 _____ () C:\Users\Helweg\Downloads\folder_fix_w7.zip 2014-07-10 20:57 - 2014-07-10 20:57 - 00001547 _____ () C:\Users\Helweg\Downloads\folder_fix_w7 (1).zip 2014-07-10 20:40 - 2014-07-10 20:11 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe 2014-07-10 20:40 - 2014-07-10 20:11 - 00000288 _____ () C:\Windows\system32\eamclean.dat 2014-07-10 20:38 - 2009-03-19 17:02 - 00000000 ____D () C:\Users\Helweg\Desktop\Programme 2014-07-10 20:09 - 2014-06-28 12:28 - 
00000000 ____D () C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51 2014-07-10 20:09 - 2014-05-27 17:14 - 00000000 ____D () C:\Users\Helweg\AppData\Local\ad1008879b0043e72588826305801881 2014-07-10 20:08 - 2014-06-05 17:17 - 00000000 ____D () C:\Users\Frank\AppData\Local\fc2a880503f1ab929600754f6835a71d 2014-07-10 19:47 - 2014-07-10 19:47 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-10 17:01 - 2006-11-02 14:34 - 00000342 _____ () C:\Windows\win.ini 2014-07-10 10:32 - 2014-07-10 10:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (3).exe 2014-07-10 10:32 - 2014-07-10 10:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (2).exe 2014-07-10 10:23 - 2014-07-08 15:16 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-07-10 10:08 - 2014-07-10 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-10 10:07 - 2014-07-10 10:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-10 10:05 - 2014-07-10 10:03 - 235258152 _____ (Emsisoft GmbH ) C:\Users\Helweg\Downloads\EmsisoftAntiMalwareSetup-9.0.4142.exe 2014-07-10 09:58 - 2014-07-10 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 09:56 - 2014-07-10 09:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-10 09:56 - 2014-07-10 09:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-07-10 03:23 - 2006-11-02 17:21 - 00364416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-10 03:20 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 03:04 - 2013-08-15 16:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 03:01 - 2006-11-02 14:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-07-08 17:51 - 2014-07-08 17:50 - 00030440 _____ () 
C:\Users\Helweg\Desktop\Addition.txt 2014-07-08 17:41 - 2014-07-08 17:41 - 02084352 _____ (Farbar) C:\Users\Helweg\Downloads\FRST64.exe 2014-07-08 15:55 - 2013-01-07 20:12 - 00001135 _____ () C:\Users\Frank\Desktop\Dropbox.lnk 2014-07-08 15:55 - 2012-07-10 21:43 - 00001913 _____ () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2014-07-08 15:18 - 2014-07-08 15:18 - 00000000 _____ () C:\autoexec.bat 2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-08 15:07 - 2014-07-08 15:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Helweg\Downloads\sh-remover.exe 2014-07-08 14:16 - 2014-04-14 18:29 - 00000163 _____ () C:\Windows\Reimage.ini 2014-07-08 14:14 - 2014-07-08 14:14 - 00822448 _____ (Reimage®) C:\Users\Helweg\Downloads\ReimageRepair.exe 2014-07-08 13:17 - 2014-07-08 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-08 13:17 - 2012-12-30 13:59 - 00001907 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-07-08 13:08 - 2014-07-08 13:06 - 141865920 _____ () C:\Users\Helweg\Downloads\avira_free_antivirus45_de.exe 2014-07-08 12:59 - 2009-03-18 19:14 - 00000000 ____D () C:\Users\Helweg\Desktop\Frank 2014-07-08 11:22 - 2014-04-18 17:52 - 00000000 ____D () C:\ProgramData\ProductData 2014-07-04 03:04 - 2014-07-04 03:04 - 00849408 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI553C.txt 2014-07-04 03:04 - 2009-04-11 15:40 - 00155142 _____ () C:\Windows\dd_dotnetfx35install_lp.txt 2014-07-04 03:04 - 2009-04-11 15:40 - 00072288 _____ () C:\Windows\dd_depcheck_NETFX_EXP_35.txt 2014-07-03 18:20 - 2014-07-03 18:20 - 00001638 _____ () C:\Users\Public\Desktop\Defraggler.lnk 2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler 2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\Program Files\Defraggler 2014-07-03 18:19 - 2014-07-03 18:19 - 04362512 _____ 
(Piriform Ltd) C:\Users\Helweg\Downloads\dfsetup218.exe 2014-07-03 18:14 - 2009-03-18 23:09 - 00002661 _____ () C:\Users\Helweg\Desktop\Word 2003.lnk 2014-07-03 17:52 - 2014-07-03 17:52 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-07-03 17:52 - 2014-07-03 17:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-03 17:51 - 2014-07-03 17:51 - 00000736 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-03 17:51 - 2014-07-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-03 17:48 - 2014-07-03 17:47 - 03736040 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\ccsetup415_slim.exe 2014-07-03 16:59 - 2009-03-17 20:59 - 00097832 _____ () C:\Users\Helweg\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-03 16:49 - 2014-07-03 16:47 - 04211448 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_x64_MSI7CD9.txt 2014-07-03 16:49 - 2014-07-03 16:37 - 00346038 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install.txt 2014-07-03 16:49 - 2014-07-03 16:37 - 00010576 _____ () C:\Users\Helweg\AppData\Local\setup.log 2014-07-03 16:38 - 2014-07-03 16:37 - 00184707 _____ () C:\Users\Helweg\AppData\Local\dd_depcheck_NETFX_EXP_35.txt 2014-07-03 16:37 - 2014-07-03 16:37 - 00872384 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_LangPack_MSI752F.txt 2014-07-03 16:37 - 2014-07-03 16:37 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error.txt 2014-07-03 16:37 - 2014-07-03 16:36 - 00156252 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install_lp.txt 2014-07-03 16:36 - 2014-07-03 16:36 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error_lp.txt 2014-07-03 16:22 - 2013-03-31 12:24 - 00117712 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-30 10:21 - 2014-06-30 22:47 - 00060096 _____ (StdLib) C:\Windows\system32\Drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys 2014-06-28 12:29 - 2014-06-28 12:29 - 00000000 ____D () C:\Program Files (x86)\eDealsPop 2014-06-27 17:27 - 2009-03-19 19:02 - 00002661 _____ () C:\Users\Guido\Desktop\Microsoft Office Word 2003.lnk 2014-06-22 19:02 - 2010-07-24 19:21 - 00000000 ____D () C:\Users\Helweg\Desktop\Bilder 2014-06-19 16:35 - 2009-06-30 12:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-19 16:35 - 2009-06-30 12:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (7).exe 2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (6).exe Some content of TEMP: ==================== C:\Users\Frank\AppData\Local\Temp\avgnt.exe C:\Users\Frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptbvham.dll C:\Users\Helweg\AppData\Local\Temp\avgnt.exe C:\Users\Helweg\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed 
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-12 10:01 ==================== End Of Log ============================
12.07.2014, 10:05 | #10 |
| Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014 Ran by Helweg at 2014-07-12 11:03:02 Running from C:\Users\Helweg\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira) BlockAndSurf (HKLM-x32\...\9A08C510-8505-2B66-CAC9-1B6A5774EBB0) (Version: - BlockAndSurf-software) <==== ATTENTION Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform) eDealsPop version 1.0 (HKLM-x32\...\eDealsPop_is1) (Version: 1.0 - eDealsPop) Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Freeven pro (HKLM-x32\...\Freeven pro) (Version: 1.34.5.4 - Freeven) <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - 
Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden IObit Apps Toolbar v9.4 (HKLM-x32\...\{5FACD482-8CE2-41D5-B05F-9EE67D21ECE7}) (Version: 9.4 - Spigot, Inc.) <==== ATTENTION McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.8 - McAfee, Inc.) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Install 
Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.) Price Meter (remove only) (HKCU\...\Price Meter) (Version: 1.0.5.8 - Price Meter) <==== ATTENTION Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2006-11-02 14:34 - 2014-07-11 12:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0158EACB-EC36-40E8-9367-E6C5C17D1D3D} - \PriceMeterLiveUpdateUpdateTaskMachineUA No Task File <==== ATTENTION Task: {0672FA6B-A652-45E5-A9F8-DAB9F4A608F6} - \DealPlyUpdate No Task File <==== ATTENTION Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {151501D4-9A06-4D4F-A106-7A45DED2FA01} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {25CDD78F-45B3-43CA-A3F1-81DD7C8109A3} - \pricemeterdownloader No Task File <==== ATTENTION Task: {3E39C697-4B82-43BD-BC29-A4730AAF8B65} - 
System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Guido => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation) Task: {435D443A-E098-4268-965F-171790716F93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-01] (Google Inc.) Task: {478386EA-58E6-4DCC-8FAF-120B4CB77F82} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {4C422867-F1BE-4DA0-BB0F-17FC8C821EFE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {52059672-E875-49B3-A0A7-9E4E4AF75EB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-01] (Google Inc.) Task: {537F4B97-3FA5-4A30-B1C1-6AF3F7CE1852} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {70F93A9D-130F-49E1-B3C8-B3425097A212} - \FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36} No Task File <==== ATTENTION Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {AC0ED7C4-3C93-4B0E-BC9C-DFAA9CA95D79} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) 
Task: {ACEA87B5-9AE3-4637-8D2A-5D47F29CDEB5} - \PriceMeterLiveUpdateUpdateTaskMachineCore No Task File <==== ATTENTION Task: {B38F8E47-9BBC-4117-A7D2-BF3CD85B60AA} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-15] (Google) Task: {CDFD99DC-8282-4DB1-9F2E-2C1B4851CECF} - System32\Tasks\Driver Booster SkipUAC (Helweg) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {D2C9B5C8-31B2-49C4-846C-AF801622F00C} - \FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13} No Task File <==== ATTENTION Task: {D32BFDB7-C6B3-49D6-9904-576FB6DAB4E1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {DB7F7E83-7EC3-4384-9351-C0B2CA838F56} - System32\Tasks\OpenCandyHelperRunOnce50B6EA36D71E40A0A3C18908F0DAB3DB => C:\Users\Helweg\AppData\Roaming\OpenCandy\D89AC3DC906141E689AD48C0A591105E\OCBrowserHelper_1.0.6.128.exe Task: {E308BA4E-AB4D-410B-8245-44368113737B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) 
Task: {E55CC7B7-A7DB-4BD7-850D-6B1BB6956675} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F5597B5F-CD4C-4048-A7F5-745CD8AD050A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION Task: {F9F1E983-1677-493B-AD04-76729C77C02A} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION Task: {FAA8DAEB-0F4B-4ED9-989C-B070C33C8DB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe Task: C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe ==================== Loaded Modules (whitelisted) ============= 2010-06-30 13:21 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 2014-07-10 10:07 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll 2012-12-07 16:15 - 2012-12-07 16:15 - 02126264 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll 2012-12-07 16:15 - 2012-12-07 16:15 - 07422392 _____ () C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll 2012-12-07 16:15 - 2012-12-07 16:15 - 02453944 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll 2012-12-07 16:15 - 2012-12-07 16:15 - 01270200 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll 2012-12-07 16:15 - 2012-12-07 16:15 - 00192952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll 2012-12-07 16:15 - 2012-12-07 16:15 - 00795064 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll 2014-07-12 09:49 - 2014-07-12 09:49 - 00043008 _____ () c:\users\frank\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptbvham.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\libcef.dll 2014-06-10 19:53 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-10 19:53 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-10 19:53 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-06-10 19:53 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll 2014-04-12 08:32 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-04-12 08:32 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: BlockNSurf => C:\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe MSCONFIG\startupreg: CanonSolutionMenu => "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon MSCONFIG\startupreg: eDealsPop => "C:\Program Files (x86)\eDealsPop\eDealsPop.exe" MSCONFIG\startupreg: Google Updater => "C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -check_deprecation MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart MSCONFIG\startupreg: MMReminderService => "C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe" MSCONFIG\startupreg: Picasa Media Detector => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" MSCONFIG\startupreg: Slick Savings => "C:\Users\Helweg\AppData\Roaming\Slick Savings\CouponsHelper.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. 
Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/12/2014 10:14:08 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/12/2014 09:49:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 09:48:23 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. 
System errors: ============= Error: (07/12/2014 11:00:59 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/12/2014 10:54:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/12/2014 10:45:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/12/2014 10:44:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/12/2014 10:43:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/12/2014 10:42:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/12/2014 10:41:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/12/2014 10:24:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/12/2014 09:54:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Error: (07/12/2014 09:53:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Media Center-Planerdienst%%2147942405 Microsoft Office Sessions: ========================= Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0 Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: 
C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0 Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0 Error: (07/12/2014 10:14:08 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0 Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0 Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0 Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0 Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0 Error: (07/12/2014 09:49:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 09:48:23 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0 CodeIntegrity Errors: =================================== Date: 2014-07-11 12:13:03.395 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-11 12:13:03.036 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-10 20:34:24.274 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-10 10:34:27.885 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-10 10:34:27.264 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-10 10:34:26.862 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-10 10:34:26.284 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-07-10 09:58:57.873 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:04:02.261 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-02 20:04:01.761 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 68% Total physical RAM: 4094.32 MB Available physical RAM: 1276.09 MB Total Pagefile: 8417.92 MB Available Pagefile: 4714.95 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (SYSTEM) (Fixed) (Total:327.54 GB) (Free:3.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (DATA) (Fixed) (Total:592.25 GB) (Free:582.36 GB) NTFS Drive f: (FIFA 14) (CDROM) (Total:7.47 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: C347115F) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=328 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=592 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
12.07.2014, 12:48 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista => Windows Version Installer Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0CA5C2A4-FC7B-42AC-B2BE-F76A4326CE57} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyEtD0F0FyDzztGyEyDyCyEtGtB0AyD0AtGzyzztCtAtGtBtAyC0D0F0ByD0EyC0ByC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=152376170&ir=
SearchScopes: HKCU - {B02CF801-09A6-4D54-8304-7241DB4CA721} URL =
SearchScopes: HKCU - {B83FFEF7-264A-45BA-8862-3CDCC5F6509D} URL =
SearchScopes: HKCU - {CD8517E8-4747-4ABB-A56B-D2B728494DBB} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 04bf3f87162335f.exe; C:\Users\Frank\AppData\Local\98c84aee297705211cc76b32a059f9a2\04bf3f87162335f.exe [X]
S2 500846993a1f840578b6d445a5a24d51.exe; C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51\500846993a1f840578b6d445a5a24d51.exe [X]
S2 eaa8b969887a12a.exe; C:\Users\Frank\AppData\Local\bfe77b92df5c1641fd95342b38cd3be4\eaa8b969887a12a.exe [X]
S2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [X]
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}t64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys [60096 2014-06-11] (StdLib)
R1 {bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64; C:\Windows\System32\drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys [60096 2014-06-30] (StdLib)
Task: {0158EACB-EC36-40E8-9367-E6C5C17D1D3D} - \PriceMeterLiveUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {0672FA6B-A652-45E5-A9F8-DAB9F4A608F6} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {25CDD78F-45B3-43CA-A3F1-81DD7C8109A3} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {70F93A9D-130F-49E1-B3C8-B3425097A212} - \FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36} No Task File <==== ATTENTION
Task: {ACEA87B5-9AE3-4637-8D2A-5D47F29CDEB5} - \PriceMeterLiveUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {D2C9B5C8-31B2-49C4-846C-AF801622F00C} - \FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13} No Task File <==== ATTENTION
Task: {F5597B5F-CD4C-4048-A7F5-745CD8AD050A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {F9F1E983-1677-493B-AD04-76729C77C02A} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
C:\Program Files\Enigma Software Group
C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys
C:\Windows\System32\drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys
C:\Program Files (x86)\WinRST
C:\Users\Helweg\AppData\Local\ad1008879b0043e72588826305801881
C:\Users\Frank\AppData\Local\fc2a880503f1ab929600754f6835a71d
C:\Users\Frank\AppData\Local\98c84aee297705211cc76b32a059f9a2
C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51
C:\Users\Frank\AppData\Local\bfe77b92df5c1641fd95342b38cd3be4
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
12.07.2014, 14:03 | #12 |
| Windows Vista => Windows Version Installer Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014 Ran by Helweg at 2014-07-12 14:51:55 Run:1 Running from C:\Users\Helweg\Desktop\Trojaner-Board Boot Mode: Normal ============================================== Content of fixlist: ***************** GroupPolicy: Group Policy on Chrome detected <======= ATTENTION SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0CA5C2A4-FC7B-42AC-B2BE-F76A4326CE57} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtCtA0C0BtB0B0CtC0CtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyEtD0F0FyDzztGyEyDyCyEtGtB0AyD0AtGzyzztCtAtGtBtAyC0D0F0ByD0EyC0ByC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0B0BtByCtDyBtG0FtCtDyCtGtC0C0CzztGtByBtB0BtGtCzz0CyEzzyD0DyDyD0FtCtC2Q&cr=152376170&ir= SearchScopes: HKCU - {B02CF801-09A6-4D54-8304-7241DB4CA721} URL = SearchScopes: HKCU - {B83FFEF7-264A-45BA-8862-3CDCC5F6509D} URL = SearchScopes: HKCU - {CD8517E8-4747-4ABB-A56B-D2B728494DBB} URL = CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION S2 04bf3f87162335f.exe; C:\Users\Frank\AppData\Local\98c84aee297705211cc76b32a059f9a2\04bf3f87162335f.exe [X] S2 500846993a1f840578b6d445a5a24d51.exe; C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51\500846993a1f840578b6d445a5a24d51.exe [X] S2 eaa8b969887a12a.exe; C:\Users\Frank\AppData\Local\bfe77b92df5c1641fd95342b38cd3be4\eaa8b969887a12a.exe [X] S2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [X] R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}t64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys [60096 2014-06-11] (StdLib) R1 {bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64; 
C:\Windows\System32\drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys [60096 2014-06-30] (StdLib) Task: {0158EACB-EC36-40E8-9367-E6C5C17D1D3D} - \PriceMeterLiveUpdateUpdateTaskMachineUA No Task File <==== ATTENTION Task: {0672FA6B-A652-45E5-A9F8-DAB9F4A608F6} - \DealPlyUpdate No Task File <==== ATTENTION Task: {25CDD78F-45B3-43CA-A3F1-81DD7C8109A3} - \pricemeterdownloader No Task File <==== ATTENTION Task: {70F93A9D-130F-49E1-B3C8-B3425097A212} - \FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36} No Task File <==== ATTENTION Task: {ACEA87B5-9AE3-4637-8D2A-5D47F29CDEB5} - \PriceMeterLiveUpdateUpdateTaskMachineCore No Task File <==== ATTENTION Task: {D2C9B5C8-31B2-49C4-846C-AF801622F00C} - \FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13} No Task File <==== ATTENTION Task: {F5597B5F-CD4C-4048-A7F5-745CD8AD050A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION Task: {F9F1E983-1677-493B-AD04-76729C77C02A} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION C:\Program Files\Enigma Software Group C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys C:\Windows\System32\drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys C:\Program Files (x86)\WinRST C:\Users\Helweg\AppData\Local\ad1008879b0043e72588826305801881 C:\Users\Frank\AppData\Local\fc2a880503f1ab929600754f6835a71d C:\Users\Frank\AppData\Local\98c84aee297705211cc76b32a059f9a2 C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51 C:\Users\Frank\AppData\Local\bfe77b92df5c1641fd95342b38cd3be4 ***************** C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. 
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully. 'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CA5C2A4-FC7B-42AC-B2BE-F76A4326CE57}' => Key deleted successfully. 'HKCR\CLSID\{0CA5C2A4-FC7B-42AC-B2BE-F76A4326CE57}'=> Key not found. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B02CF801-09A6-4D54-8304-7241DB4CA721}' => Key deleted successfully. 'HKCR\CLSID\{B02CF801-09A6-4D54-8304-7241DB4CA721}'=> Key not found. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B83FFEF7-264A-45BA-8862-3CDCC5F6509D}' => Key deleted successfully. 'HKCR\CLSID\{B83FFEF7-264A-45BA-8862-3CDCC5F6509D}'=> Key not found. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD8517E8-4747-4ABB-A56B-D2B728494DBB}' => Key deleted successfully. 'HKCR\CLSID\{CD8517E8-4747-4ABB-A56B-D2B728494DBB}'=> Key not found. 'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully. 04bf3f87162335f.exe => Service deleted successfully. 500846993a1f840578b6d445a5a24d51.exe => Service deleted successfully. eaa8b969887a12a.exe => Service deleted successfully. WinRST => Service deleted successfully. {0782648b-1717-4fef-ac58-8cb3ce03adb3}t64 => Unable to stop service {0782648b-1717-4fef-ac58-8cb3ce03adb3}t64 => Service deleted successfully. {bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64 => Unable to stop service {bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64 => Service deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0158EACB-EC36-40E8-9367-E6C5C17D1D3D}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0158EACB-EC36-40E8-9367-E6C5C17D1D3D}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PriceMeterLiveUpdateUpdateTaskMachineUA' => Key deleted successfully. 
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0672FA6B-A652-45E5-A9F8-DAB9F4A608F6}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0672FA6B-A652-45E5-A9F8-DAB9F4A608F6}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25CDD78F-45B3-43CA-A3F1-81DD7C8109A3}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25CDD78F-45B3-43CA-A3F1-81DD7C8109A3}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterdownloader' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70F93A9D-130F-49E1-B3C8-B3425097A212}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70F93A9D-130F-49E1-B3C8-B3425097A212}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {C76F29D1-146E-452F-B149-99F5250D4B36}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACEA87B5-9AE3-4637-8D2A-5D47F29CDEB5}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACEA87B5-9AE3-4637-8D2A-5D47F29CDEB5}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PriceMeterLiveUpdateUpdateTaskMachineCore' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2C9B5C8-31B2-49C4-846C-AF801622F00C}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2C9B5C8-31B2-49C4-846C-AF801622F00C}' => Key deleted successfully. 
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {4693EEE2-0807-4D74-A502-26DE4E1EEF13}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5597B5F-CD4C-4048-A7F5-745CD8AD050A}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5597B5F-CD4C-4048-A7F5-745CD8AD050A}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9F1E983-1677-493B-AD04-76729C77C02A}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9F1E983-1677-493B-AD04-76729C77C02A}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}t64.sys => Moved successfully. C:\Windows\System32\drivers\{bbb14e79-8bca-4abd-b124-4d30f9a4e2ad}t64.sys => Moved successfully. "C:\Program Files (x86)\WinRST" => File/Directory not found. C:\Users\Helweg\AppData\Local\ad1008879b0043e72588826305801881 => Moved successfully. C:\Users\Frank\AppData\Local\fc2a880503f1ab929600754f6835a71d => Moved successfully. "C:\Users\Frank\AppData\Local\98c84aee297705211cc76b32a059f9a2" => File/Directory not found. C:\Users\Helweg\AppData\Local\500846993a1f840578b6d445a5a24d51 => Moved successfully. "C:\Users\Frank\AppData\Local\bfe77b92df5c1641fd95342b38cd3be4" => File/Directory not found. The system needed a reboot. ==== End of Fixlog ==== |
13.07.2014, 17:33 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista => Windows Version Installer Then please post fresh FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
14.07.2014, 12:40 | #14 |
| Windows Vista => Windows Version Installer FRST LOG: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 Ran by Helweg (administrator) on HELWEG-PC on 14-07-2014 13:31:23 Running from C:\Users\Helweg\Desktop\Trojaner-Board Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Fujitsu Siemens Computers GmbH) C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-06] (Realtek Semiconductor Corp.) HKLM-x32\...\Run: [EnergySettings] => C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe [113664 2008-09-19] (Fujitsu Siemens Computers GmbH) HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-10] (Emsisoft GmbH) HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-08-21] (Google Inc.) 
HKU\S-1-5-21-2287802022-4268522758-2682476950-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation) HKU\S-1-5-21-2287802022-4268522758-2682476950-1005\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files 
(x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=114576&ilc=12&p= FF NewTab: about:newtab FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 - C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll No File FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-26.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-27.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\icqplugin-28.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\searchplugins\yahoo_ff.xml FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\ascsurfingprotection@iobit.com [2014-04-18] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-19] FF Extension: Greasemonkey - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2013-01-26] FF Extension: WEB.DE MailCheck - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\toolbar@web.de.xpi [2011-12-22] FF Extension: vshare Add-On - C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-17] FF Extension: Greasemonkey - 
C:\Users\Helweg\AppData\Roaming\Mozilla\Firefox\Profiles\625m98qj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-04] FF HKCU\...\Firefox\Extensions: [{265EBC63-A567-27EE-3841-675D6F8D29FC}] - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi Chrome: ======= CHR HomePage: hxxp://google.de/ CHR StartupUrls: "https://www.google.com/" CHR Extension: (Google Wallet) - C:\Users\Helweg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23] ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-10] (Emsisoft GmbH) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed] S2 gupdate1c9b2bb5d066bbd; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-04-01] (Google Inc.) S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] () R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.) 
R2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) [File not signed]
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) [File not signed]
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) [File not signed]
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) [File not signed]
R0 Achernar; C:\Windows\System32\Drivers\Achernar.sys [34104 2009-04-05] (NewSoft Technology Corporation)
R0 Achernar; C:\Windows\SysWOW64\Drivers\Achernar.sys [18432 2007-02-05] (NewSoft Technology Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 Beep; No ImagePath
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) [File not signed]
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S3 TIEHDUSB; C:\Windows\System32\DRIVERS\tiehdusb.sys [128512 2009-09-03] (Texas Instruments) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Helweg\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-12 11:06 - 2014-07-14 13:31 - 00000000 ____D () C:\Users\Helweg\Desktop\Trojaner-Board
2014-07-11 22:51 - 2014-07-11 22:51 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 17:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-11 17:49 - 2014-07-11 19:52 - 00000000 ____D () C:\AdwCleaner
2014-07-11 12:25 - 2014-07-11 12:25 - 00027990 _____ () C:\ComboFix.txt
2014-07-11 11:44 - 2014-07-11 12:25 - 00000000 ____D () C:\Qoobox
2014-07-11 11:44 - 2014-07-11 12:25 - 00000000 ____D () C:\ComboFix
2014-07-11 11:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-11 11:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-11 11:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-11 11:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-11 11:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-11 11:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-11 11:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-11 11:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-11 11:43 - 2014-07-11 12:23 - 00000000 ____D () C:\Windows\erdnt
2014-07-11 11:42 - 2014-07-11 11:43 - 05218032 _____ (Swearware) C:\Users\Helweg\Downloads\ComboFix.exe
2014-07-10 20:57 - 2014-07-10 20:57 - 00001547 _____ () C:\Users\Helweg\Downloads\folder_fix_w7.zip
2014-07-10 20:57 - 2014-07-10 20:57 - 00001547 _____ () C:\Users\Helweg\Downloads\folder_fix_w7 (1).zip
2014-07-10 20:11 - 2014-07-10 20:40 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-07-10 20:11 - 2014-07-10 20:40 - 00000288 _____ () C:\Windows\system32\eamclean.dat
2014-07-10 19:47 - 2014-07-10 19:47 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-10 10:32 - 2014-07-10 10:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-10 10:32 - 2014-07-10 10:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-10 10:08 - 2014-07-10 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-10 10:07 - 2014-07-14 13:31 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-10 10:07 - 2014-07-10 10:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-10 10:03 - 2014-07-10 10:05 - 235258152 _____ (Emsisoft GmbH ) C:\Users\Helweg\Downloads\EmsisoftAntiMalwareSetup-9.0.4142.exe
2014-07-10 09:58 - 2014-07-10 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 09:56 - 2014-07-10 09:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 09:56 - 2014-07-10 09:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-10 01:07 - 2014-06-07 06:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 01:07 - 2014-06-07 05:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 01:07 - 2014-06-07 04:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 01:07 - 2014-06-07 04:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 01:07 - 2014-06-07 04:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 01:07 - 2014-06-07 04:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 01:07 - 2014-06-07 04:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-10 01:07 - 2014-06-07 04:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 01:07 - 2014-06-07 04:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-10 01:07 - 2014-06-07 04:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 01:07 - 2014-06-07 04:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 01:07 - 2014-06-07 04:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 01:07 - 2014-06-07 04:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 01:07 - 2014-06-07 04:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 01:07 - 2014-06-07 04:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 01:07 - 2014-06-07 04:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 01:07 - 2014-06-07 04:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-10 01:07 - 2014-06-07 04:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-10 01:07 - 2014-06-07 04:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 01:07 - 2014-06-07 04:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-10 01:07 - 2014-06-07 04:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 01:07 - 2014-06-07 02:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 01:07 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 01:07 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 01:07 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 01:07 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 01:07 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 01:07 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 01:07 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-10 01:07 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 01:07 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 01:07 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-10 01:07 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 01:07 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 01:07 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 01:07 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 01:07 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-10 01:07 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 01:07 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 01:07 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-10 01:07 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 01:07 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-10 01:07 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 01:07 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 01:07 - 2014-06-06 09:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 01:07 - 2014-05-30 09:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 17:42 - 2014-07-14 13:31 - 00000000 ____D () C:\FRST
2014-07-08 17:41 - 2014-07-08 17:41 - 02084352 _____ (Farbar) C:\Users\Helweg\Downloads\FRST64.exe
2014-07-08 15:18 - 2014-07-08 15:18 - 00000000 _____ () C:\autoexec.bat
2014-07-08 15:16 - 2014-07-10 10:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-08 15:07 - 2014-07-08 15:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Helweg\Downloads\sh-remover.exe
2014-07-08 14:14 - 2014-07-08 14:14 - 00822448 _____ (Reimage®) C:\Users\Helweg\Downloads\ReimageRepair.exe
2014-07-08 13:35 - 2014-07-11 22:29 - 00160436 _____ () C:\Windows\PFRO.log
2014-07-08 13:17 - 2014-07-08 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-08 13:06 - 2014-07-08 13:08 - 141865920 _____ () C:\Users\Helweg\Downloads\avira_free_antivirus45_de.exe
2014-07-04 03:04 - 2014-07-04 03:04 - 00849408 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI553C.txt
2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\Program Files\Defraggler
2014-07-03 18:19 - 2014-07-03 18:19 - 04362512 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\dfsetup218.exe
2014-07-03 17:52 - 2014-07-03 17:52 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-03 17:51 - 2014-07-03 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-03 17:51 - 2014-07-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:47 - 2014-07-03 17:48 - 03736040 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\ccsetup415_slim.exe
2014-07-03 16:47 - 2014-07-03 16:49 - 04211448 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_x64_MSI7CD9.txt
2014-07-03 16:37 - 2014-07-03 16:49 - 00346038 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install.txt
2014-07-03 16:37 - 2014-07-03 16:49 - 00010576 _____ () C:\Users\Helweg\AppData\Local\setup.log
2014-07-03 16:37 - 2014-07-03 16:38 - 00184707 _____ () C:\Users\Helweg\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2014-07-03 16:37 - 2014-07-03 16:37 - 00872384 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_LangPack_MSI752F.txt
2014-07-03 16:37 - 2014-07-03 16:37 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error.txt
2014-07-03 16:36 - 2014-07-03 16:37 - 00156252 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install_lp.txt
2014-07-03 16:36 - 2014-07-03 16:36 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error_lp.txt
2014-06-28 12:29 - 2014-06-28 12:29 - 00000000 ____D () C:\Program Files (x86)\eDealsPop
2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (7).exe
2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (6).exe

==================== One Month Modified Files and Folders =======

2014-07-14 13:31 - 2014-07-12 11:06 - 00000000 ____D () C:\Users\Helweg\Desktop\Trojaner-Board
2014-07-14 13:31 - 2014-07-10 10:07 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-14 13:31 - 2014-07-08 17:42 - 00000000 ____D () C:\FRST
2014-07-14 12:58 - 2006-11-02 17:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 12:58 - 2006-11-02 17:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 12:44 - 2009-06-30 12:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 12:34 - 2009-03-17 20:52 - 01854589 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 10:38 - 2009-04-01 13:12 - 00001064 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-07-13 16:40 - 2009-06-30 12:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-12 14:59 - 2014-04-08 21:05 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-12 14:58 - 2013-12-28 01:40 - 00000292 _____ () C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job
2014-07-12 14:58 - 2009-01-26 12:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-12 14:58 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-12 14:57 - 2006-11-02 17:42 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 14:56 - 2013-01-07 20:12 - 00000000 ___RD () C:\Users\Frank\Dropbox
2014-07-12 14:51 - 2006-11-02 15:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-12 11:08 - 2009-03-19 17:02 - 00000000 ___RD () C:\Users\Helweg\Desktop\Programme
2014-07-12 11:07 - 2009-05-12 16:03 - 00000000 ____D () C:\Users\Helweg\Desktop\Mama
2014-07-12 09:50 - 2013-01-07 20:10 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Dropbox
2014-07-12 09:49 - 2014-05-16 19:36 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\DropboxMaster
2014-07-12 09:44 - 2011-05-21 13:57 - 00097832 _____ () C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-12 00:40 - 2013-12-28 01:40 - 00000300 _____ () C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job
2014-07-11 22:51 - 2014-07-11 22:51 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 22:29 - 2014-07-08 13:35 - 00160436 _____ () C:\Windows\PFRO.log
2014-07-11 22:29 - 2014-04-18 17:51 - 00000000 ____D () C:\Users\Helweg\AppData\Roaming\IObit
2014-07-11 22:29 - 2014-04-18 17:51 - 00000000 ____D () C:\ProgramData\IObit
2014-07-11 22:29 - 2014-04-18 17:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-11 22:29 - 2009-03-18 17:04 - 00000000 ____D () C:\ProgramData\ICQ
2014-07-11 19:52 - 2014-07-11 17:49 - 00000000 ____D () C:\AdwCleaner
2014-07-11 16:04 - 2013-02-22 13:27 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-07-11 12:25 - 2014-07-11 12:25 - 00027990 _____ () C:\ComboFix.txt
2014-07-11 12:25 - 2014-07-11 11:44 - 00000000 ____D () C:\Qoobox
2014-07-11 12:25 - 2014-07-11 11:44 - 00000000 ____D () C:\ComboFix
2014-07-11 12:25 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default
2014-07-11 12:23 - 2014-07-11 11:43 - 00000000 ____D () C:\Windows\erdnt
2014-07-11 12:17 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-11 11:43 - 2014-07-11 11:42 - 05218032 _____ (Swearware) C:\Users\Helweg\Downloads\ComboFix.exe
2014-07-10 21:02 - 2011-07-04 00:04 - 00000000 ____D () C:\Users\Helweg\AppData\Local\CrashDumps
2014-07-10 20:57 - 2014-07-10 20:57 - 00001547 _____ () C:\Users\Helweg\Downloads\folder_fix_w7.zip
2014-07-10 20:57 - 2014-07-10 20:57 - 00001547 _____ () C:\Users\Helweg\Downloads\folder_fix_w7 (1).zip
2014-07-10 20:40 - 2014-07-10 20:11 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-07-10 20:40 - 2014-07-10 20:11 - 00000288 _____ () C:\Windows\system32\eamclean.dat
2014-07-10 19:47 - 2014-07-10 19:47 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-10 17:01 - 2006-11-02 14:34 - 00000342 _____ () C:\Windows\win.ini
2014-07-10 10:32 - 2014-07-10 10:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-10 10:32 - 2014-07-10 10:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-10 10:23 - 2014-07-08 15:16 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-10 10:08 - 2014-07-10 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-10 10:07 - 2014-07-10 10:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-10 10:05 - 2014-07-10 10:03 - 235258152 _____ (Emsisoft GmbH ) C:\Users\Helweg\Downloads\EmsisoftAntiMalwareSetup-9.0.4142.exe
2014-07-10 09:58 - 2014-07-10 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 09:56 - 2014-07-10 09:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 09:56 - 2014-07-10 09:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helweg\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-10 03:23 - 2006-11-02 17:21 - 00364416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:20 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:04 - 2013-08-15 16:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:01 - 2006-11-02 14:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 17:41 - 2014-07-08 17:41 - 02084352 _____ (Farbar) C:\Users\Helweg\Downloads\FRST64.exe
2014-07-08 15:55 - 2013-01-07 20:12 - 00001135 _____ () C:\Users\Frank\Desktop\Dropbox.lnk
2014-07-08 15:55 - 2012-07-10 21:43 - 00001913 _____ () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-07-08 15:18 - 2014-07-08 15:18 - 00000000 _____ () C:\autoexec.bat
2014-07-08 15:07 - 2014-07-08 15:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Helweg\Downloads\sh-remover.exe
2014-07-08 14:16 - 2014-04-14 18:29 - 00000163 _____ () C:\Windows\Reimage.ini
2014-07-08 14:14 - 2014-07-08 14:14 - 00822448 _____ (Reimage®) C:\Users\Helweg\Downloads\ReimageRepair.exe
2014-07-08 13:17 - 2014-07-08 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-08 13:08 - 2014-07-08 13:06 - 141865920 _____ () C:\Users\Helweg\Downloads\avira_free_antivirus45_de.exe
2014-07-08 12:59 - 2009-03-18 19:14 - 00000000 ____D () C:\Users\Helweg\Desktop\Frank
2014-07-08 11:22 - 2014-04-18 17:52 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-04 03:04 - 2014-07-04 03:04 - 00849408 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI553C.txt
2014-07-04 03:04 - 2009-04-11 15:40 - 00155142 _____ () C:\Windows\dd_dotnetfx35install_lp.txt
2014-07-04 03:04 - 2009-04-11 15:40 - 00072288 _____ () C:\Windows\dd_depcheck_NETFX_EXP_35.txt
2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-07-03 18:20 - 2014-07-03 18:20 - 00000000 ____D () C:\Program Files\Defraggler
2014-07-03 18:19 - 2014-07-03 18:19 - 04362512 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\dfsetup218.exe
2014-07-03 18:14 - 2009-03-18 23:09 - 00002661 _____ () C:\Users\Helweg\Desktop\Word 2003.lnk
2014-07-03 17:52 - 2014-07-03 17:52 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-03 17:52 - 2014-07-03 17:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-03 17:51 - 2014-07-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:48 - 2014-07-03 17:47 - 03736040 _____ (Piriform Ltd) C:\Users\Helweg\Downloads\ccsetup415_slim.exe
2014-07-03 16:59 - 2009-03-17 20:59 - 00097832 _____ () C:\Users\Helweg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 16:49 - 2014-07-03 16:47 - 04211448 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_x64_MSI7CD9.txt
2014-07-03 16:49 - 2014-07-03 16:37 - 00346038 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install.txt
2014-07-03 16:49 - 2014-07-03 16:37 - 00010576 _____ () C:\Users\Helweg\AppData\Local\setup.log
2014-07-03 16:38 - 2014-07-03 16:37 - 00184707 _____ () C:\Users\Helweg\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2014-07-03 16:37 - 2014-07-03 16:37 - 00872384 _____ () C:\Users\Helweg\AppData\Local\dd_NET_Framework35_LangPack_MSI752F.txt
2014-07-03 16:37 - 2014-07-03 16:37 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error.txt
2014-07-03 16:37 - 2014-07-03 16:36 - 00156252 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35install_lp.txt
2014-07-03 16:36 - 2014-07-03 16:36 - 00000002 _____ () C:\Users\Helweg\AppData\Local\dd_dotnetfx35error_lp.txt
2014-07-03 16:22 - 2013-03-31 12:24 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-28 12:29 - 2014-06-28 12:29 - 00000000 ____D () C:\Program Files (x86)\eDealsPop
2014-06-27 17:27 - 2009-03-19 19:02 - 00002661 _____ () C:\Users\Guido\Desktop\Microsoft Office Word 2003.lnk
2014-06-22 19:02 - 2010-07-24 19:21 - 00000000 ____D () C:\Users\Helweg\Desktop\Bilder
2014-06-19 16:35 - 2009-06-30 12:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 16:35 - 2009-06-30 12:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (7).exe
2014-06-17 21:57 - 2014-06-17 21:57 - 00998400 _____ () C:\Users\Frank\Downloads\setup (6).exe

Some content of TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\avgnt.exe
C:\Users\Frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptbvham.dll
C:\Users\Helweg\AppData\Local\Temp\avgnt.exe
C:\Users\Helweg\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-14 03:13

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014
Ran by Helweg at 2014-07-14 13:37:35
Running from C:\Users\Helweg\Desktop\Trojaner-Board
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
BlockAndSurf (HKLM-x32\...\9A08C510-8505-2B66-CAC9-1B6A5774EBB0) (Version: - BlockAndSurf-software) <==== ATTENTION
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
eDealsPop version 1.0 (HKLM-x32\...\eDealsPop_is1) (Version: 1.0 - eDealsPop)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Freeven pro (HKLM-x32\...\Freeven pro) (Version: 1.34.5.4 - Freeven) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IObit Apps Toolbar v9.4 (HKLM-x32\...\{5FACD482-8CE2-41D5-B05F-9EE67D21ECE7}) (Version: 9.4 - Spigot, Inc.) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.8 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Price Meter (remove only) (HKCU\...\Price Meter) (Version: 1.0.5.8 - Price Meter) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

==================== Restore Points =========================

14-07-2014 01:00:12 Windows Update

==================== Hosts content: ==========================

2006-11-02 14:34 - 2014-07-11 12:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {151501D4-9A06-4D4F-A106-7A45DED2FA01} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {3E39C697-4B82-43BD-BC29-A4730AAF8B65} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Guido => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {435D443A-E098-4268-965F-171790716F93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-01] (Google Inc.)
Task: {478386EA-58E6-4DCC-8FAF-120B4CB77F82} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {4C422867-F1BE-4DA0-BB0F-17FC8C821EFE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {52059672-E875-49B3-A0A7-9E4E4AF75EB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-01] (Google Inc.)
Task: {537F4B97-3FA5-4A30-B1C1-6AF3F7CE1852} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {AC0ED7C4-3C93-4B0E-BC9C-DFAA9CA95D79} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {B38F8E47-9BBC-4117-A7D2-BF3CD85B60AA} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-15] (Google)
Task: {CDFD99DC-8282-4DB1-9F2E-2C1B4851CECF} - System32\Tasks\Driver Booster SkipUAC (Helweg) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {D32BFDB7-C6B3-49D6-9904-576FB6DAB4E1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {DB7F7E83-7EC3-4384-9351-C0B2CA838F56} - System32\Tasks\OpenCandyHelperRunOnce50B6EA36D71E40A0A3C18908F0DAB3DB => C:\Users\Helweg\AppData\Roaming\OpenCandy\D89AC3DC906141E689AD48C0A591105E\OCBrowserHelper_1.0.6.128.exe
Task: {E308BA4E-AB4D-410B-8245-44368113737B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {E55CC7B7-A7DB-4BD7-850D-6B1BB6956675} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FAA8DAEB-0F4B-4ED9-989C-B070C33C8DB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
Task: C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287802022-4268522758-2682476950-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============
2010-06-30 13:21 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
2014-07-10 10:07 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll

==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupreg: BlockNSurf => C:\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe
MSCONFIG\startupreg: CanonSolutionMenu => "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
MSCONFIG\startupreg: eDealsPop => "C:\Program Files (x86)\eDealsPop\eDealsPop.exe"
MSCONFIG\startupreg: Google Updater => "C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: MMReminderService => "C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe"
MSCONFIG\startupreg: Picasa Media Detector => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Slick Savings => "C:\Users\Helweg\AppData\Roaming\Slick Savings\CouponsHelper.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2014 03:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.
Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.
Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.
Error: (07/12/2014 10:14:08 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.
Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.
Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.
Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.
Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.
Error: (07/12/2014 09:49:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/14/2014 01:33:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405
Error: (07/14/2014 01:03:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405
Error: (07/14/2014 00:33:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405
Error: (07/14/2014 00:03:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405
Error: (07/14/2014 11:33:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405
Error: (07/14/2014 11:03:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405
Error: (07/14/2014 10:33:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405
Error: (07/14/2014 10:03:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405
Error: (07/14/2014 09:33:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405
Error: (07/14/2014 09:03:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Media Center-Planerdienst%%2147942405

Microsoft Office Sessions:
=========================
Error: (07/12/2014 03:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0
Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0
Error: (07/12/2014 10:14:09 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0
Error: (07/12/2014 10:14:08 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0
Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0
Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0
Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0
Error: (07/12/2014 09:49:22 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Frank\AppData\Roaming\Spotify\spotify.exeC:\Users\Frank\AppData\Roaming\Spotify\spotify.exe0
Error: (07/12/2014 09:49:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-07-11 12:13:03.395
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-07-11 12:13:03.036
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-07-10 20:34:24.274
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-10 10:34:27.885
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-10 10:34:27.264
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-10 10:34:26.862
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-10 10:34:26.284
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-10 09:58:57.873
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-02 20:04:02.261
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-02 20:04:01.761
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 4094.32 MB
Available physical RAM: 2262.88 MB
Total Pagefile: 8417.92 MB
Available Pagefile: 6010.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:327.54 GB) (Free:3.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:592.25 GB) (Free:582.36 GB) NTFS
Drive f: (FIFA 14) (CDROM) (Total:7.47 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: C347115F)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=328 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=592 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
14.07.2014, 14:07 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista => Windows Version Installer Okay, then control scans with MBAM and ESET, please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |