Log analysis and evaluation: Windows 7 - Ad windows open everywhere

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.08.2014, 15:57 | #1 |
Windows 7 - Ad windows open everywhere

Hello, this is my first time here and I hope I'm not doing anything wrong - you do have a lot of rules! OK - for a few days now (I don't know exactly when it started) I've had the problem on my laptop that ad windows keep opening and certain words are shown in bold and marked with a green circle and arrow - with an ad behind them each time. I downloaded Farbar Recovery Scan and ran the scan: I hope this isn't too much? Please help - THANK YOU - this seems like an awful lot to me ....

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01 Ran by Petra (administrator) on PETRA-PC on 19-08-2014 16:35:12 Running from C:\Users\Petra\Downloads Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Broadcom Corporation.)
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Somoto) C:\Users\Petra\AppData\Local\FilesFrog Update Checker\update_checker.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (SaveSense) C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSPUB.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSPUB.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSPUB.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Dropbox, Inc.) C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKU\S-1-5-21-4103409644-2115618623-1480157512-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-4103409644-2115618623-1480157512-1001\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\Petra\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l AppInit_DLLs: c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files\searchprotect\searchprotect\bin\spvc32loader.dll [187328 2014-07-22] () AppInit_DLLs: c:\progra~2\winspeed\winspeed.dll => c:\ProgramData\WinSpeed\WinSpeed.dll [4127232 2014-08-17] () Lsa: [Notification Packages] scecli ACGina Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AT&userid=fc84b881-dbc4-fd8c-c066-be1e7643f9a2&searchtype=ds&q={searchTerms}&installDate=21/12/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.max-start.com/?babsrc=HP_ss_mib2&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xABF32BFAA22CCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?q=google&babsrc=HP_ss&s=web&rlz=0&as=0&ac=0%2C1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AT&userid=fc84b881-dbc4-fd8c-c066-be1e7643f9a2&searchtype=ds&q={searchTerms}&installDate=21/12/2013 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1 L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0 FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyE 
tDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtG tDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyE tDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtG tDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AT&userid=fc84b881-dbc4-fd8c-c066-be1e7643f9a2&searchtype=ds&q={searchTerms}&installDate=21/12/2013 SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=58&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&q={searchTerms}&SSPV= SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyE tDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtG tDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=58&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&q={searchTerms}&SSPV= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221 SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AT&userid=fc84b881-dbc4-fd8c-c066-be1e7643f9a2&searchtype=ds&q={searchTerms}&installDate=21/12/2013 BHO: SaveSense -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> C:\Program Files\SaveSense\SaveSenseIE.dll (SaveSense) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
BHO: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial) BHO: buenosearch Helper Object -> {F1C81E40-2485-4DB6-8C9D-04BD596B281E} -> C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial) Toolbar: HKLM - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD) DPF: {D27CDB6E-AE6D-11CF-96B8-720720720720} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9 FF DefaultSearchEngine: WSE Rocket FF SearchEngineOrder.1: Mysearchdial FF SelectedSearchEngine: WSE Rocket FF Homepage: hxxp://www.google.at/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft 
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF user.js: detected! 
=> C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\user.js FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\ask-search.xml FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\buenosearch.xml FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\Mysearchdial.xml FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\WSE Rocket.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: BuenoSearch - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\ffxtlbr@buenosearch.com [2014-04-18] FF Extension: mysearchdial.com - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\ffxtlbr@mysearchdial.com [2014-04-13] FF Extension: SmartCompaRe - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\hpbrdeuytjdd@oj-qhyt.edu [2014-08-17] FF Extension: SaveSense - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} [2013-12-01] FF Extension: Rocket New Tab - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b} [2014-07-27] FF Extension: Ask Toolbar - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\toolbar_ORJ-V7C@apn.ask.com.xpi [2014-03-26] FF Extension: MySearchDial 
- C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-13] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-05-20] Chrome: ======= CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=55&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&SSPV= CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=55&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&SSPV=" CHR NewTab: "chrome-extension://iagcajndpnfncplednpbnkahadegklfa/content/newtab/newtab.html", "chrome-extension://amfclgbdpgndipgoegfpkkgobahigbcl/redirect.html" CHR DefaultSearchKeyword: trovi.search CHR DefaultSearchProvider: Trovi search CHR DefaultSearchURL: hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=58&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&q={searchTerms}&SSPV= CHR DefaultSuggestURL: hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: 
(Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (New Tab Page) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-12-21] CHR Extension: (Google Docs) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-31] CHR Extension: (Wunderlist Panel) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo [2014-08-17] CHR Extension: (MySearchDial Neuer Tab) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-08-19] CHR Extension: (SaveSense) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2013-12-01] CHR Extension: (No Name) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop [2013-11-16] CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Petra\AppData\Local\speedial.crx [2014-04-13] CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Petra\AppData\Local\speedial.crx [2014-04-13] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-05-20] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134240 2012-05-30] (Lenovo) R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [273504 2012-05-30] (Lenovo) S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-24] () [File not signed] S4 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2975168 2014-07-22] () [File not signed] R2 f1f78e38; c:\ProgramData\WinSpeed\WinSpeedSvc.dll [186192 2014-08-17] () [File not signed] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited) S2 savesenselive; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-12-01] (SaveSense) S3 savesenselivem; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-12-01] (SaveSense) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [22840 2012-07-05] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [23608 2012-07-05] (Synaptics Incorporated) R3 SWNC8U01; C:\Windows\System32\DRIVERS\SWNC8U01.sys [102144 2007-01-12] (Sierra Wireless Inc.) R3 SWUMX01; C:\Windows\System32\DRIVERS\swumx01.sys [70656 2007-01-12] (Sierra Wireless Inc.) 
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52920 2014-04-21] (StdLib) S3 HSF_DPV; system32\DRIVERS\HSX_DPV.sys [X] S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X] S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) S3 winachsf; system32\DRIVERS\HSX_CNXT.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 16:35 - 2014-08-19 16:35 - 00024510 _____ () C:\Users\Petra\Downloads\FRST.txt 2014-08-19 16:34 - 2014-08-19 16:35 - 00000000 ___DC () C:\FRST 2014-08-19 16:33 - 2014-08-19 16:33 - 01093632 _____ (Farbar) C:\Users\Petra\Downloads\FRST.exe 2014-08-19 16:13 - 2014-08-19 16:13 - 00000000 ___DC () C:\Program Files\SmarotCompAre 2014-08-19 11:15 - 2014-08-19 16:17 - 00065536 ___HT () C:\Users\Petra\~Outlook.pst.tmp 2014-08-17 09:33 - 2014-08-19 16:13 - 00000000 ____D () C:\ProgramData\SmarotCompAre 2014-08-17 09:33 - 2014-08-19 16:13 - 00000000 ____D () C:\ProgramData\b089358267e0237d 2014-08-17 09:13 - 2014-08-17 09:13 - 00000000 ____D () C:\ProgramData\WinSpeed 2014-08-14 08:05 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-14 08:04 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-14 08:04 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-14 08:04 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 10:17 - 2014-08-13 10:27 - 70454999 _____ () C:\Users\Petra\Downloads\Heidi_Folge_16_deutsch.mp4 2014-08-13 10:17 - 2014-08-13 10:27 - 69942527 _____ () 
C:\Users\Petra\Downloads\Heidi_Folge_17_deutsch.mp4 2014-08-13 10:16 - 2014-08-13 10:27 - 75299683 _____ () C:\Users\Petra\Downloads\Heidi_Folge_15_deutsch.mp4 2014-08-13 10:15 - 2014-08-13 10:26 - 73407198 _____ () C:\Users\Petra\Downloads\Heidi_Folge_14_deutsch.mp4 2014-08-13 10:14 - 2014-08-13 10:25 - 83459007 _____ () C:\Users\Petra\Downloads\Heidi_Folge_13_deutsch.mp4 2014-08-13 10:12 - 2014-08-13 10:24 - 81268667 _____ () C:\Users\Petra\Downloads\Heidi_Folge_11_deutsch.mp4 2014-08-13 10:12 - 2014-08-13 10:24 - 80383649 _____ () C:\Users\Petra\Downloads\Heidi_Folge_12_deutsch.mp4 2014-08-13 10:11 - 2014-08-13 10:14 - 70934097 _____ () C:\Users\Petra\Downloads\Heidi_Folge_10_deutsch.mp4 2014-08-13 09:06 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-13 09:06 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-13 09:06 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 09:06 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-13 09:06 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 09:06 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 09:06 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-13 09:06 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeedsbs.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-13 09:06 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-13 09:06 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-13 09:06 - 2014-07-16 04:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-13 09:06 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 09:06 - 2014-07-16 03:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 09:06 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 09:06 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 09:06 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-13 09:06 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-13 09:06 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 09:06 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 09:06 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 09:06 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 09:05 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 09:05 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-13 09:05 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-13 09:05 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 
2014-08-13 09:05 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 09:05 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 09:05 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-13 09:05 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-13 09:05 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-13 09:05 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-08 13:53 - 2014-08-08 13:54 - 29553288 _____ (DVDVideoSoft Ltd. 
) C:\Users\Petra\Downloads\FreeYouTubeToMP3Converter(2).exe 2014-08-07 20:53 - 2014-08-07 20:53 - 00000964 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-08-05 19:58 - 2014-08-05 19:58 - 01868412 _____ () C:\Users\Petra\Downloads\PAKA5.psd 2014-07-31 10:04 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-07-31 10:04 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-07-31 10:04 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-07-31 10:04 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-07-31 10:04 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-07-31 10:04 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-07-31 10:04 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-07-31 10:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-07-31 10:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-07-30 14:49 - 2014-07-30 18:36 - 00000000 ____D () C:\Users\Petra\Downloads\GSpot270a 2014-07-30 14:36 - 2014-07-30 14:36 - 00000000 ____D () C:\Users\Petra\Documents\GSpot270a 2014-07-30 14:35 - 2014-07-30 14:35 - 00411509 _____ () C:\Users\Petra\Downloads\GSpot270a.zip 2014-07-27 20:42 - 2014-08-17 09:13 - 00000000 ____D () C:\ProgramData\2308189059 2014-07-27 20:40 - 2014-07-27 20:40 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-27 20:35 - 2014-07-27 20:35 - 00001656 _____ () C:\Users\Public\Desktop\Free AVI Video Converter.lnk 2014-07-27 20:34 - 2014-07-27 20:37 - 00000000 ____D () C:\Users\Petra\AppData\Local\Rocket 2014-07-27 20:33 - 2014-08-19 16:33 - 00000292 _____ () C:\Windows\Tasks\Rocket Updater.job 2014-07-27 20:33 - 2014-07-27 20:33 - 00000000 
____D () C:\Users\Petra\AppData\Roaming\RocketUpdater 2014-07-27 20:29 - 2014-07-27 20:30 - 01526024 _____ (Koyote-Lab Inc) C:\Users\Petra\Downloads\FreeVideoConverterSetup-r135-n-bf(1).exe 2014-07-27 20:29 - 2014-07-27 20:29 - 00723336 _____ ( ) C:\Users\Petra\Downloads\FreeAVIVideoConverter.exe 2014-07-27 20:18 - 2014-07-28 08:20 - 00000000 ____D () C:\Users\Petra\AppData\Local\{7B9F2A39-A1FC-4DDE-BD59-73914D1F96A7} 2014-07-24 20:29 - 2014-07-24 20:29 - 00004608 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-21 20:31 - 2014-07-21 20:32 - 00000000 ____D () C:\Users\Petra\AppData\Local\{5F75AAF1-365A-4D11-9D79-8536E2D97E6A} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 16:35 - 2014-08-19 16:35 - 00024510 _____ () C:\Users\Petra\Downloads\FRST.txt 2014-08-19 16:35 - 2014-08-19 16:34 - 00000000 ___DC () C:\FRST 2014-08-19 16:35 - 2009-07-14 06:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-19 16:35 - 2009-07-14 06:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-19 16:34 - 2013-12-24 15:53 - 25666560 _____ () C:\Users\Petra\Outlook.pst 2014-08-19 16:33 - 2014-08-19 16:33 - 01093632 _____ (Farbar) C:\Users\Petra\Downloads\FRST.exe 2014-08-19 16:33 - 2014-07-27 20:33 - 00000292 _____ () C:\Windows\Tasks\Rocket Updater.job 2014-08-19 16:33 - 2014-04-13 09:33 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job 2014-08-19 16:28 - 2014-01-22 15:18 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\inkscape 2014-08-19 16:17 - 2014-08-19 11:15 - 00065536 ___HT () C:\Users\Petra\~Outlook.pst.tmp 2014-08-19 16:17 - 2013-11-06 20:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-19 16:17 - 2013-05-31 07:17 - 00001096 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-19 16:16 - 2013-03-29 16:33 - 00000000 ____D () C:\Users\Petra 2014-08-19 16:15 - 2013-11-26 19:36 - 00000000 ____D () C:\Users\Petra\AppData\Local\CrashDumps 2014-08-19 16:15 - 2013-03-29 16:22 - 01153557 ____N () C:\Windows\WindowsUpdate.log 2014-08-19 16:15 - 2012-08-23 18:01 - 00000000 ____D () C:\Windows\Panther 2014-08-19 16:13 - 2014-08-19 16:13 - 00000000 ___DC () C:\Program Files\SmarotCompAre 2014-08-19 16:13 - 2014-08-17 09:33 - 00000000 ____D () C:\ProgramData\SmarotCompAre 2014-08-19 16:13 - 2014-08-17 09:33 - 00000000 ____D () C:\ProgramData\b089358267e0237d 2014-08-19 16:12 - 2013-04-27 19:26 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-19 16:07 - 2013-06-24 10:30 - 00000000 ___RD () C:\Users\Petra\Dropbox 2014-08-19 16:07 - 2013-06-24 10:27 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-19 16:07 - 2013-06-24 10:27 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Dropbox 2014-08-19 11:17 - 2013-05-31 07:17 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-17 09:13 - 2014-08-17 09:13 - 00000000 ____D () C:\ProgramData\WinSpeed 2014-08-17 09:13 - 2014-07-27 20:42 - 00000000 ____D () C:\ProgramData\2308189059 2014-08-15 16:21 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-15 08:43 - 2013-05-31 07:22 - 00002128 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-14 21:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-08-14 08:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-14 08:30 - 2013-12-21 17:55 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\newnext.me 2014-08-14 08:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 08:28 - 2009-07-14 06:33 - 00409176 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-14 08:26 - 2014-05-07 09:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 
2014-08-14 08:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-14 08:10 - 2013-04-07 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 10:27 - 2014-08-13 10:17 - 70454999 _____ () C:\Users\Petra\Downloads\Heidi_Folge_16_deutsch.mp4 2014-08-13 10:27 - 2014-08-13 10:17 - 69942527 _____ () C:\Users\Petra\Downloads\Heidi_Folge_17_deutsch.mp4 2014-08-13 10:27 - 2014-08-13 10:16 - 75299683 _____ () C:\Users\Petra\Downloads\Heidi_Folge_15_deutsch.mp4 2014-08-13 10:26 - 2014-08-13 10:15 - 73407198 _____ () C:\Users\Petra\Downloads\Heidi_Folge_14_deutsch.mp4 2014-08-13 10:25 - 2014-08-13 10:14 - 83459007 _____ () C:\Users\Petra\Downloads\Heidi_Folge_13_deutsch.mp4 2014-08-13 10:24 - 2014-08-13 10:12 - 81268667 _____ () C:\Users\Petra\Downloads\Heidi_Folge_11_deutsch.mp4 2014-08-13 10:24 - 2014-08-13 10:12 - 80383649 _____ () C:\Users\Petra\Downloads\Heidi_Folge_12_deutsch.mp4 2014-08-13 10:14 - 2014-08-13 10:11 - 70934097 _____ () C:\Users\Petra\Downloads\Heidi_Folge_10_deutsch.mp4 2014-08-08 13:59 - 2014-05-05 20:11 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-08-08 13:58 - 2013-05-20 21:00 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\DVDVideoSoft 2014-08-08 13:57 - 2014-05-05 20:14 - 00000000 ___DC () C:\Program Files\SearchProtect 2014-08-08 13:57 - 2013-05-20 21:01 - 00002283 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-08-08 13:56 - 2013-05-20 21:00 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\OpenCandy 2014-08-08 13:54 - 2014-08-08 13:53 - 29553288 _____ (DVDVideoSoft Ltd. 
) C:\Users\Petra\Downloads\FreeYouTubeToMP3Converter(2).exe 2014-08-07 20:53 - 2014-08-07 20:53 - 00000964 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-08-07 20:53 - 2014-01-09 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-08-07 03:43 - 2014-08-13 09:06 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 03:39 - 2014-08-13 09:06 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-05 19:58 - 2014-08-05 19:58 - 01868412 _____ () C:\Users\Petra\Downloads\PAKA5.psd 2014-08-04 15:49 - 2013-11-24 13:28 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\HpUpdate 2014-08-03 16:48 - 2013-11-21 12:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-31 09:55 - 2014-05-11 20:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-30 18:36 - 2014-07-30 14:49 - 00000000 ____D () C:\Users\Petra\Downloads\GSpot270a 2014-07-30 14:36 - 2014-07-30 14:36 - 00000000 ____D () C:\Users\Petra\Documents\GSpot270a 2014-07-30 14:35 - 2014-07-30 14:35 - 00411509 _____ () C:\Users\Petra\Downloads\GSpot270a.zip 2014-07-28 08:20 - 2014-07-27 20:18 - 00000000 ____D () C:\Users\Petra\AppData\Local\{7B9F2A39-A1FC-4DDE-BD59-73914D1F96A7} 2014-07-27 20:40 - 2014-07-27 20:40 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-27 20:37 - 2014-07-27 20:34 - 00000000 ____D () C:\Users\Petra\AppData\Local\Rocket 2014-07-27 20:35 - 2014-07-27 20:35 - 00001656 _____ () C:\Users\Public\Desktop\Free AVI Video Converter.lnk 2014-07-27 20:35 - 2013-05-20 21:01 - 00001208 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-07-27 20:33 - 2014-07-27 20:33 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\RocketUpdater 2014-07-27 20:32 - 2013-11-21 12:17 - 00001104 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-27 20:30 - 2014-07-27 20:29 - 01526024 _____ (Koyote-Lab Inc) C:\Users\Petra\Downloads\FreeVideoConverterSetup-r135-n-bf(1).exe 
2014-07-27 20:29 - 2014-07-27 20:29 - 00723336 _____ ( ) C:\Users\Petra\Downloads\FreeAVIVideoConverter.exe 2014-07-27 20:15 - 2014-04-20 20:58 - 00000578 _____ () C:\Users\Petra\Desktop\DVDStyler.lnk 2014-07-26 08:11 - 2012-08-23 08:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 09:09 - 2012-08-23 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-24 20:29 - 2014-07-24 20:29 - 00004608 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-24 20:07 - 2014-08-13 09:06 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-24 19:58 - 2014-08-13 09:06 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-24 19:57 - 2014-08-13 09:05 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-24 19:52 - 2014-08-13 09:06 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-24 19:51 - 2014-08-13 09:06 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-24 19:51 - 2014-08-13 09:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-24 19:50 - 2014-08-13 09:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-24 19:50 - 2014-08-13 09:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-24 19:49 - 2014-08-13 09:06 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-24 19:49 - 2014-08-13 09:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-24 19:48 - 2014-08-13 
09:06 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-07-24 19:48 - 2014-08-13 09:06 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-07-24 19:48 - 2014-08-13 09:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-24 19:47 - 2014-08-13 09:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-21 20:32 - 2014-07-21 20:31 - 00000000 ____D () C:\Users\Petra\AppData\Local\{5F75AAF1-365A-4D11-9D79-8536E2D97E6A} Some content of TEMP: ==================== C:\Users\Petra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyzxxur.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-17 09:56 ==================== End Of Log ============================ |
19.08.2014, 16:34 | #2 |
/// the machine /// TB trainer | Windows 7 - Ad windows open everywhere
hi,
How it works: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Addition.txt is still missing.
19.08.2014, 18:29 | #3 |
Windows 7 - Ad windows open everywhere
Sorry - I overlooked that! Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2014 01
Ran by Petra at 2014-08-19 16:36:33
Running from C:\Users\Petra\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
Audacity 2.0.4 (HKLM\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
BitGuard (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
buenosearch toolbar (HKLM\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft)
DriverTuner 3.1.0.1 (HKLM\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
DVDStyler v2.7.2 (HKLM\...\DVDStyler_is1) (Version: - ) Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - ) FilesFrog Update Checker (HKLM\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION FOTO AT Fotowelt (HKLM\...\FOTO AT Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA) Free Audio CD Burner version 2.0.25.430 (HKLM\...\Free Audio CD Burner_is1) (Version: 2.0.25.430 - DVDVideoSoft Ltd.) Free AVI Video Converter version 5.0.45.716 (HKLM\...\Free AVI Video Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.43.806 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.) Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{7D1EFB03-7D84-446E-8B90-6ECD7EDF4D55}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6700 Hilfe (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) I.R.I.S. 
OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Image Resizer for Windows (HKLM\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) Image Resizer for Windows (Version: 3.0.4802.35565 - Brice Lambson) Hidden Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) Lenovo Patch Utility (HKLM\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI 
(German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Mysearchdial (HKLM\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION NVIDIA Grafiktreiber 296.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.88 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 121.20 - NVIDIA Corporation) NVIDIA Systemsteuerung 296.88 (Version: 296.88 - NVIDIA Corporation) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) 
SaveSense (HKCU\...\SaveSense) (Version: - ) <==== ATTENTION SaveSense (remove only) (HKLM\...\SaveSense) (Version: 5.3.0.6 - SaveSense) <==== ATTENTION Search Protect (HKLM\...\SearchProtect) (Version: 2.16.20.192 - Client Connect LTD) <==== ATTENTION Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Sierra Wireless HSDPA MiniCard (HKLM\...\{D2A6CB42-8327-4167-AB04-F4A15658F2BF}) (Version: 7.0.2.1300 - Sierra Wireless Inc) Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{1012904D-3F7E-44A6-B425-5AF21272BECE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.5.0 - ) ThinkVantage Access Connections (HKLM\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) 
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition 
(HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinSpeed (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}) (Version: - 24soft) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{090746F9-9F39-42C0-920A-4852C2EDE704}\InprocServer32 -> C:\Users\Petra\AppData\Local\Temp\{D430101B-77E4-471D-A522-50A29D54A5C4}\APAX.dll No File CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{69026072-B4B5-4446-9732-CDA579736741}\InprocServer32 -> C:\Users\Petra\AppData\Local\Temp\{D430101B-77E4-471D-A522-50A29D54A5C4}\APAX.dll No File CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{780927D9-C564-4C09-8892-43E6EF2A8AFB}\InprocServer32 -> C:\Users\Petra\AppData\Local\Temp\{D430101B-77E4-471D-A522-50A29D54A5C4}\APAX.dll No File CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4103409644-2115618623-1480157512-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 17-08-2014 07:55:16 Windows Update 17-08-2014 17:35:49 Windows-Sicherung 19-08-2014 14:11:23 Removed Adobe Reader XI (11.0.08) - Deutsch. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00FC3203-BF20-4758-BBE8-595793B6690C} - System32\Tasks\MySearchDial => C:\Users\Petra\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {0599E4F8-7BBB-4A66-8892-A05B5A7AEE42} - System32\Tasks\DriverTuner Startup => C:\Program Files\DriverTuner\DriverTuner.exe [2013-07-11] (LionSea) Task: {084F1309-360A-4A2A-9DBB-76DE102BBE45} - System32\Tasks\SaveSense => C:\Users\Petra\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {229CCB71-88EE-423D-819E-B1E5C28698B9} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {334F25D2-DD12-498A-85C2-8FB6007B0E8C} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Petra\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION Task: {4C011E77-DA11-4F81-ABFC-1865616DB01A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {580E5D36-E892-4C4D-B8A1-51680034BCED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {636B383B-A570-47E5-A408-EC52B96D8BD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {647A52DD-F4F7-4082-8264-1CAADB9A9698} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-16] (Lenovo Group Limited) Task: {671B36AF-D224-44DC-8089-1B31AB2CB173} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.) Task: {7BF47AD5-78CD-4FF5-AA75-3DC173014695} - System32\Tasks\Rocket Updater => C:\Users\Petra\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe [2013-05-02] () Task: {BC46DDA0-2DF1-425B-BD9F-967237C0DA06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.) 
Task: {C089782C-D5F7-49C6-908E-966C38AE5D75} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [2013-12-01] (SaveSense) <==== ATTENTION Task: {C7F37480-FFEA-49DD-BD81-92521D93DB52} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [2013-12-01] (SaveSense) <==== ATTENTION Task: {D31AAEB9-E890-44DF-9A78-3E7097193B88} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro\OptProLauncher.exe <==== ATTENTION Task: {F4603389-D38B-40F6-AE38-CB37B8EE87DC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Petra\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Petra\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Petra\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-05-30 17:32 - 2012-05-30 17:32 - 00086016 _____ () C:\Program Files\Lenovo\Access Connections\AcWrpc.dll 2013-09-05 
01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2011-01-24 12:35 - 2011-01-24 12:35 - 00132384 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll 2012-08-23 11:20 - 2012-05-16 06:32 - 00094208 _____ () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-08-17 09:13 - 2014-08-17 09:13 - 00186192 _____ () c:\ProgramData\WinSpeed\WinSpeedSvc.dll 2014-08-17 09:13 - 2014-08-17 09:13 - 04127232 _____ () c:\ProgramData\WinSpeed\WinSpeed.dll 2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2014-08-19 16:07 - 2014-08-19 16:07 - 00043008 _____ () c:\users\petra\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyzxxur.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Petra\AppData\Roaming\Dropbox\bin\libcef.dll 2013-12-17 21:19 - 2013-12-17 21:19 - 00049152 ____C () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-05-11 20:05 - 2014-07-31 09:54 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-07-09 12:17 - 2014-07-09 12:17 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2014 04:31:42 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-4103409644-2115618623-1480157512-1001}/">. Error: (08/19/2014 04:13:19 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-4103409644-2115618623-1480157512-1001}/">. Error: (08/19/2014 00:09:19 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (08/19/2014 00:05:42 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/19/2014 10:52:05 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/18/2014 09:28:29 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/18/2014 09:24:39 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/17/2014 09:56:33 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/15/2014 03:52:35 PM) (Source: MsiInstaller) (EventID: 1024) (User: Petra-PC) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (08/15/2014 01:00:04 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors: ============= Error: (08/17/2014 09:13:40 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden. Error: (08/17/2014 09:13:39 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden. Error: (08/17/2014 09:13:39 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden. Error: (08/17/2014 09:13:38 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden. Error: (08/17/2014 09:13:38 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden. Error: (08/15/2014 08:37:48 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (08/14/2014 07:53:29 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (08/14/2014 07:53:28 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (08/14/2014 07:53:28 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (08/14/2014 07:53:27 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. 
Microsoft Office Sessions: ========================= Error: (08/19/2014 04:31:42 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 300x80040d07iehistory://{S-1-5-21-4103409644-2115618623-1480157512-1001}/ Error: (08/19/2014 04:13:19 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 300x80040d07iehistory://{S-1-5-21-4103409644-2115618623-1480157512-1001}/ Error: (08/19/2014 00:09:19 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\drivertuner\DPInst64.exe Error: (08/19/2014 00:05:42 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6700\DriverStore\Pipeline\amd64\hpinkins5C12.exe Error: (08/19/2014 10:52:05 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6700\DriverStore\Pipeline\amd64\hpinkins5C12.exe Error: (08/18/2014 09:28:29 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\drivertuner\DPInst64.exe Error: (08/18/2014 09:24:39 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6700\DriverStore\Pipeline\amd64\hpinkins5C12.exe Error: (08/17/2014 09:56:33 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6700\DriverStore\Pipeline\amd64\hpinkins5C12.exe Error: (08/15/2014 03:52:35 PM) (Source: MsiInstaller) (EventID: 1024) (User: Petra-PC) Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL) Error: (08/15/2014 01:00:04 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\drivertuner\DPInst64.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz Percentage of memory in use: 53% Total physical RAM: 3062.3 MB Available physical RAM: 1416.82 MB Total Pagefile: 6122.88 MB Available Pagefile: 4143.99 MB Total Virtual: 2047.88 MB Available Virtual: 1881.61 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:66.71 GB) (Free:30.01 GB) NTFS Drive f: (PRIVAT) (Fixed) (Total:465.64 GB) (Free:385.79 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 37B70E1B) Partition 1: (Active) - (Size=7.8 GB) - (Type=27) Partition 2: (Not Active) - (Size=66.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: F5282A0E) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C) ==================== End Of Log ============================
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01 Ran by Petra (administrator) on PETRA-PC on 19-08-2014 16:35:12 Running from C:\Users\Petra\Downloads Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Analog Devices, Inc.) 
C:\Program Files\Analog Devices\Core\smax4pnp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Somoto) C:\Users\Petra\AppData\Local\FilesFrog Update Checker\update_checker.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (SaveSense) C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo.) 
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSPUB.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSPUB.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSPUB.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Dropbox, Inc.) C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-4103409644-2115618623-1480157512-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-4103409644-2115618623-1480157512-1001\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\Petra\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l AppInit_DLLs: c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files\searchprotect\searchprotect\bin\spvc32loader.dll [187328 2014-07-22] () AppInit_DLLs: c:\progra~2\winspeed\winspeed.dll => c:\ProgramData\WinSpeed\WinSpeed.dll [4127232 2014-08-17] () Lsa: [Notification Packages] scecli ACGina Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AT&userid=fc84b881-dbc4-fd8c-c066-be1e7643f9a2&searchtype=ds&q={searchTerms}&installDate=21/12/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.max-start.com/?babsrc=HP_ss_mib2&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xABF32BFAA22CCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?q=google&babsrc=HP_ss&s=web&rlz=0&as=0&ac=0%2C1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AT&userid=fc84b881-dbc4-fd8c-c066-be1e7643f9a2&searchtype=ds&q={searchTerms}&installDate=21/12/2013 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= 
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AT&userid=fc84b881-dbc4-fd8c-c066-be1e7643f9a2&searchtype=ds&q={searchTerms}&installDate=21/12/2013 SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=58&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&q={searchTerms}&SSPV= SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=58&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&q={searchTerms}&SSPV= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221 SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AT&userid=fc84b881-dbc4-fd8c-c066-be1e7643f9a2&searchtype=ds&q={searchTerms}&installDate=21/12/2013 BHO: SaveSense -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> C:\Program Files\SaveSense\SaveSenseIE.dll (SaveSense) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
BHO: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
BHO: buenosearch Helper Object -> {F1C81E40-2485-4DB6-8C9D-04BD596B281E} -> C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKLM - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
DPF: {D27CDB6E-AE6D-11CF-96B8-720720720720} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9
FF DefaultSearchEngine: WSE Rocket
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: WSE Rocket
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF user.js: detected! => C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\user.js
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\WSE Rocket.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: BuenoSearch - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\ffxtlbr@buenosearch.com [2014-04-18]
FF Extension: mysearchdial.com - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\ffxtlbr@mysearchdial.com [2014-04-13]
FF Extension: SmartCompaRe - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\hpbrdeuytjdd@oj-qhyt.edu [2014-08-17]
FF Extension: SaveSense - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} [2013-12-01]
FF Extension: Rocket New Tab - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b} [2014-07-27]
FF Extension: Ask Toolbar - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\toolbar_ORJ-V7C@apn.ask.com.xpi [2014-03-26]
FF Extension: MySearchDial - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-13]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-05-20]

Chrome:
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=55&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&SSPV=
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=55&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&SSPV="
CHR NewTab: "chrome-extension://iagcajndpnfncplednpbnkahadegklfa/content/newtab/newtab.html", "chrome-extension://amfclgbdpgndipgoegfpkkgobahigbcl/redirect.html"
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR DefaultSearchURL: hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M53BE9289-5B71-404B-A9D4-15DB387ADCFE&SearchSource=58&CUI=&UM=5&UP=SP1E90BFB9-87F8-45E5-BA13-C8B6775B64F9&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (New Tab Page) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-12-21]
CHR Extension: (Google Docs) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-31]
CHR Extension: (Wunderlist Panel) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo [2014-08-17]
CHR Extension: (MySearchDial Neuer Tab) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-08-19]
CHR Extension: (SaveSense) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2013-12-01]
CHR Extension: (No Name) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop [2013-11-16]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Petra\AppData\Local\speedial.crx [2014-04-13]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Petra\AppData\Local\speedial.crx [2014-04-13]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-05-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134240 2012-05-30] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [273504 2012-05-30] (Lenovo)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-24] () [File not signed]
S4 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2975168 2014-07-22] () [File not signed]
R2 f1f78e38; c:\ProgramData\WinSpeed\WinSpeedSvc.dll [186192 2014-08-17] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited)
S2 savesenselive; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-12-01] (SaveSense)
S3 savesenselivem; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-12-01] (SaveSense)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [22840 2012-07-05] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [23608 2012-07-05] (Synaptics Incorporated)
R3 SWNC8U01; C:\Windows\System32\DRIVERS\SWNC8U01.sys [102144 2007-01-12] (Sierra Wireless Inc.)
R3 SWUMX01; C:\Windows\System32\DRIVERS\swumx01.sys [70656 2007-01-12] (Sierra Wireless Inc.)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52920 2014-04-21] (StdLib) S3 HSF_DPV; system32\DRIVERS\HSX_DPV.sys [X] S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X] S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) S3 winachsf; system32\DRIVERS\HSX_CNXT.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 16:35 - 2014-08-19 16:35 - 00024510 _____ () C:\Users\Petra\Downloads\FRST.txt 2014-08-19 16:34 - 2014-08-19 16:35 - 00000000 ___DC () C:\FRST 2014-08-19 16:33 - 2014-08-19 16:33 - 01093632 _____ (Farbar) C:\Users\Petra\Downloads\FRST.exe 2014-08-19 16:13 - 2014-08-19 16:13 - 00000000 ___DC () C:\Program Files\SmarotCompAre 2014-08-19 11:15 - 2014-08-19 16:17 - 00065536 ___HT () C:\Users\Petra\~Outlook.pst.tmp 2014-08-17 09:33 - 2014-08-19 16:13 - 00000000 ____D () C:\ProgramData\SmarotCompAre 2014-08-17 09:33 - 2014-08-19 16:13 - 00000000 ____D () C:\ProgramData\b089358267e0237d 2014-08-17 09:13 - 2014-08-17 09:13 - 00000000 ____D () C:\ProgramData\WinSpeed 2014-08-14 08:05 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-14 08:04 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-14 08:04 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-14 08:04 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 10:17 - 2014-08-13 10:27 - 70454999 _____ () C:\Users\Petra\Downloads\Heidi_Folge_16_deutsch.mp4 2014-08-13 10:17 - 2014-08-13 10:27 - 69942527 _____ () 
C:\Users\Petra\Downloads\Heidi_Folge_17_deutsch.mp4 2014-08-13 10:16 - 2014-08-13 10:27 - 75299683 _____ () C:\Users\Petra\Downloads\Heidi_Folge_15_deutsch.mp4 2014-08-13 10:15 - 2014-08-13 10:26 - 73407198 _____ () C:\Users\Petra\Downloads\Heidi_Folge_14_deutsch.mp4 2014-08-13 10:14 - 2014-08-13 10:25 - 83459007 _____ () C:\Users\Petra\Downloads\Heidi_Folge_13_deutsch.mp4 2014-08-13 10:12 - 2014-08-13 10:24 - 81268667 _____ () C:\Users\Petra\Downloads\Heidi_Folge_11_deutsch.mp4 2014-08-13 10:12 - 2014-08-13 10:24 - 80383649 _____ () C:\Users\Petra\Downloads\Heidi_Folge_12_deutsch.mp4 2014-08-13 10:11 - 2014-08-13 10:14 - 70934097 _____ () C:\Users\Petra\Downloads\Heidi_Folge_10_deutsch.mp4 2014-08-13 09:06 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-13 09:06 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-13 09:06 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 09:06 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-13 09:06 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 09:06 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 09:06 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-13 09:06 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeedsbs.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-13 09:06 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-13 09:06 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-13 09:06 - 2014-07-16 04:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-13 09:06 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 09:06 - 2014-07-16 03:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 09:06 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 09:06 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 09:06 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-13 09:06 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-13 09:06 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 09:06 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 09:06 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 09:06 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 09:05 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 09:05 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-13 09:05 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-13 09:05 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 
2014-08-13 09:05 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 09:05 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 09:05 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-13 09:05 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-13 09:05 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-13 09:05 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-08 13:53 - 2014-08-08 13:54 - 29553288 _____ (DVDVideoSoft Ltd. 
) C:\Users\Petra\Downloads\FreeYouTubeToMP3Converter(2).exe 2014-08-07 20:53 - 2014-08-07 20:53 - 00000964 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-08-05 19:58 - 2014-08-05 19:58 - 01868412 _____ () C:\Users\Petra\Downloads\PAKA5.psd 2014-07-31 10:04 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-07-31 10:04 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-07-31 10:04 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-07-31 10:04 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-07-31 10:04 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-07-31 10:04 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-07-31 10:04 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-07-31 10:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-07-31 10:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-07-30 14:49 - 2014-07-30 18:36 - 00000000 ____D () C:\Users\Petra\Downloads\GSpot270a 2014-07-30 14:36 - 2014-07-30 14:36 - 00000000 ____D () C:\Users\Petra\Documents\GSpot270a 2014-07-30 14:35 - 2014-07-30 14:35 - 00411509 _____ () C:\Users\Petra\Downloads\GSpot270a.zip 2014-07-27 20:42 - 2014-08-17 09:13 - 00000000 ____D () C:\ProgramData\2308189059 2014-07-27 20:40 - 2014-07-27 20:40 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-27 20:35 - 2014-07-27 20:35 - 00001656 _____ () C:\Users\Public\Desktop\Free AVI Video Converter.lnk 2014-07-27 20:34 - 2014-07-27 20:37 - 00000000 ____D () C:\Users\Petra\AppData\Local\Rocket 2014-07-27 20:33 - 2014-08-19 16:33 - 00000292 _____ () C:\Windows\Tasks\Rocket Updater.job 2014-07-27 20:33 - 2014-07-27 20:33 - 00000000 
____D () C:\Users\Petra\AppData\Roaming\RocketUpdater 2014-07-27 20:29 - 2014-07-27 20:30 - 01526024 _____ (Koyote-Lab Inc) C:\Users\Petra\Downloads\FreeVideoConverterSetup-r135-n-bf(1).exe 2014-07-27 20:29 - 2014-07-27 20:29 - 00723336 _____ ( ) C:\Users\Petra\Downloads\FreeAVIVideoConverter.exe 2014-07-27 20:18 - 2014-07-28 08:20 - 00000000 ____D () C:\Users\Petra\AppData\Local\{7B9F2A39-A1FC-4DDE-BD59-73914D1F96A7} 2014-07-24 20:29 - 2014-07-24 20:29 - 00004608 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-21 20:31 - 2014-07-21 20:32 - 00000000 ____D () C:\Users\Petra\AppData\Local\{5F75AAF1-365A-4D11-9D79-8536E2D97E6A} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 16:35 - 2014-08-19 16:35 - 00024510 _____ () C:\Users\Petra\Downloads\FRST.txt 2014-08-19 16:35 - 2014-08-19 16:34 - 00000000 ___DC () C:\FRST 2014-08-19 16:35 - 2009-07-14 06:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-19 16:35 - 2009-07-14 06:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-19 16:34 - 2013-12-24 15:53 - 25666560 _____ () C:\Users\Petra\Outlook.pst 2014-08-19 16:33 - 2014-08-19 16:33 - 01093632 _____ (Farbar) C:\Users\Petra\Downloads\FRST.exe 2014-08-19 16:33 - 2014-07-27 20:33 - 00000292 _____ () C:\Windows\Tasks\Rocket Updater.job 2014-08-19 16:33 - 2014-04-13 09:33 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job 2014-08-19 16:28 - 2014-01-22 15:18 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\inkscape 2014-08-19 16:17 - 2014-08-19 11:15 - 00065536 ___HT () C:\Users\Petra\~Outlook.pst.tmp 2014-08-19 16:17 - 2013-11-06 20:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-19 16:17 - 2013-05-31 07:17 - 00001096 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-19 16:16 - 2013-03-29 16:33 - 00000000 ____D () C:\Users\Petra 2014-08-19 16:15 - 2013-11-26 19:36 - 00000000 ____D () C:\Users\Petra\AppData\Local\CrashDumps 2014-08-19 16:15 - 2013-03-29 16:22 - 01153557 ____N () C:\Windows\WindowsUpdate.log 2014-08-19 16:15 - 2012-08-23 18:01 - 00000000 ____D () C:\Windows\Panther 2014-08-19 16:13 - 2014-08-19 16:13 - 00000000 ___DC () C:\Program Files\SmarotCompAre 2014-08-19 16:13 - 2014-08-17 09:33 - 00000000 ____D () C:\ProgramData\SmarotCompAre 2014-08-19 16:13 - 2014-08-17 09:33 - 00000000 ____D () C:\ProgramData\b089358267e0237d 2014-08-19 16:12 - 2013-04-27 19:26 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-19 16:07 - 2013-06-24 10:30 - 00000000 ___RD () C:\Users\Petra\Dropbox 2014-08-19 16:07 - 2013-06-24 10:27 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-19 16:07 - 2013-06-24 10:27 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Dropbox 2014-08-19 11:17 - 2013-05-31 07:17 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-17 09:13 - 2014-08-17 09:13 - 00000000 ____D () C:\ProgramData\WinSpeed 2014-08-17 09:13 - 2014-07-27 20:42 - 00000000 ____D () C:\ProgramData\2308189059 2014-08-15 16:21 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-15 08:43 - 2013-05-31 07:22 - 00002128 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-14 21:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-08-14 08:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-14 08:30 - 2013-12-21 17:55 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\newnext.me 2014-08-14 08:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 08:28 - 2009-07-14 06:33 - 00409176 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-14 08:26 - 2014-05-07 09:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 
2014-08-14 08:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-14 08:10 - 2013-04-07 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 10:27 - 2014-08-13 10:17 - 70454999 _____ () C:\Users\Petra\Downloads\Heidi_Folge_16_deutsch.mp4 2014-08-13 10:27 - 2014-08-13 10:17 - 69942527 _____ () C:\Users\Petra\Downloads\Heidi_Folge_17_deutsch.mp4 2014-08-13 10:27 - 2014-08-13 10:16 - 75299683 _____ () C:\Users\Petra\Downloads\Heidi_Folge_15_deutsch.mp4 2014-08-13 10:26 - 2014-08-13 10:15 - 73407198 _____ () C:\Users\Petra\Downloads\Heidi_Folge_14_deutsch.mp4 2014-08-13 10:25 - 2014-08-13 10:14 - 83459007 _____ () C:\Users\Petra\Downloads\Heidi_Folge_13_deutsch.mp4 2014-08-13 10:24 - 2014-08-13 10:12 - 81268667 _____ () C:\Users\Petra\Downloads\Heidi_Folge_11_deutsch.mp4 2014-08-13 10:24 - 2014-08-13 10:12 - 80383649 _____ () C:\Users\Petra\Downloads\Heidi_Folge_12_deutsch.mp4 2014-08-13 10:14 - 2014-08-13 10:11 - 70934097 _____ () C:\Users\Petra\Downloads\Heidi_Folge_10_deutsch.mp4 2014-08-08 13:59 - 2014-05-05 20:11 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-08-08 13:58 - 2013-05-20 21:00 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\DVDVideoSoft 2014-08-08 13:57 - 2014-05-05 20:14 - 00000000 ___DC () C:\Program Files\SearchProtect 2014-08-08 13:57 - 2013-05-20 21:01 - 00002283 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-08-08 13:56 - 2013-05-20 21:00 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\OpenCandy 2014-08-08 13:54 - 2014-08-08 13:53 - 29553288 _____ (DVDVideoSoft Ltd. 
) C:\Users\Petra\Downloads\FreeYouTubeToMP3Converter(2).exe 2014-08-07 20:53 - 2014-08-07 20:53 - 00000964 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-08-07 20:53 - 2014-01-09 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-08-07 03:43 - 2014-08-13 09:06 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 03:39 - 2014-08-13 09:06 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-05 19:58 - 2014-08-05 19:58 - 01868412 _____ () C:\Users\Petra\Downloads\PAKA5.psd 2014-08-04 15:49 - 2013-11-24 13:28 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\HpUpdate 2014-08-03 16:48 - 2013-11-21 12:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-31 09:55 - 2014-05-11 20:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-30 18:36 - 2014-07-30 14:49 - 00000000 ____D () C:\Users\Petra\Downloads\GSpot270a 2014-07-30 14:36 - 2014-07-30 14:36 - 00000000 ____D () C:\Users\Petra\Documents\GSpot270a 2014-07-30 14:35 - 2014-07-30 14:35 - 00411509 _____ () C:\Users\Petra\Downloads\GSpot270a.zip 2014-07-28 08:20 - 2014-07-27 20:18 - 00000000 ____D () C:\Users\Petra\AppData\Local\{7B9F2A39-A1FC-4DDE-BD59-73914D1F96A7} 2014-07-27 20:40 - 2014-07-27 20:40 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-27 20:37 - 2014-07-27 20:34 - 00000000 ____D () C:\Users\Petra\AppData\Local\Rocket 2014-07-27 20:35 - 2014-07-27 20:35 - 00001656 _____ () C:\Users\Public\Desktop\Free AVI Video Converter.lnk 2014-07-27 20:35 - 2013-05-20 21:01 - 00001208 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-07-27 20:33 - 2014-07-27 20:33 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\RocketUpdater 2014-07-27 20:32 - 2013-11-21 12:17 - 00001104 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-27 20:30 - 2014-07-27 20:29 - 01526024 _____ (Koyote-Lab Inc) C:\Users\Petra\Downloads\FreeVideoConverterSetup-r135-n-bf(1).exe 
2014-07-27 20:29 - 2014-07-27 20:29 - 00723336 _____ ( ) C:\Users\Petra\Downloads\FreeAVIVideoConverter.exe 2014-07-27 20:15 - 2014-04-20 20:58 - 00000578 _____ () C:\Users\Petra\Desktop\DVDStyler.lnk 2014-07-26 08:11 - 2012-08-23 08:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 09:09 - 2012-08-23 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-24 20:29 - 2014-07-24 20:29 - 00004608 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-24 20:07 - 2014-08-13 09:06 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-24 19:58 - 2014-08-13 09:06 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-24 19:57 - 2014-08-13 09:05 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-24 19:52 - 2014-08-13 09:06 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-24 19:51 - 2014-08-13 09:06 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-24 19:51 - 2014-08-13 09:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-24 19:50 - 2014-08-13 09:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-24 19:50 - 2014-08-13 09:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-24 19:49 - 2014-08-13 09:06 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-24 19:49 - 2014-08-13 09:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-24 19:48 - 2014-08-13 
09:06 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-07-24 19:48 - 2014-08-13 09:06 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-07-24 19:48 - 2014-08-13 09:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-24 19:47 - 2014-08-13 09:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-21 20:32 - 2014-07-21 20:31 - 00000000 ____D () C:\Users\Petra\AppData\Local\{5F75AAF1-365A-4D11-9D79-8536E2D97E6A} Some content of TEMP: ==================== C:\Users\Petra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyzxxur.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-17 09:56 ==================== End Of Log ============================ --- --- --- |
20.08.2014, 10:48 | #4 |
/// the machine /// TB instructor | Windows 7 - Ad windows open everywhere
Uninstall adware & co.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.08.2014, 15:13 | #5 |
| Windows 7 - Ad windows open everywhere Code:
ATTFilter ComboFix 14-08-19.01 - Petra 20.08.2014 15:38:53.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3062.1771 [GMT 2:00] ausgeführt von:: c:\users\Petra\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\SaveSense c:\program files\SaveSense\icon.ico c:\program files\SaveSense\SaveSense.crx c:\program files\SaveSense\SaveSense.xpi c:\program files\SaveSense\SaveSenseIE.dll c:\program files\SaveSense\SaveSenseIE64.dll c:\program files\SaveSense\SaveSenseUpdateVer.exe c:\program files\SaveSense\uninst.exe c:\program files\SaveSenseLive c:\program files\SaveSenseLive\Update\1.3.23.0\goopdate.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_am.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ar.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_bg.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_bn.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ca.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_cs.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_da.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_de.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_el.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_en-GB.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_en.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_es-419.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_es.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_et.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_fa.dll 
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_fi.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_fil.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_fr.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_gu.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_hi.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_hr.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_hu.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_id.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_is.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_it.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_iw.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ja.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_kn.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ko.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_lt.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_lv.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ml.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_mr.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ms.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_nl.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_no.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_pl.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-BR.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-PT.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ro.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ru.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_sk.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_sl.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_sr.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_sv.dll c:\program 
files\SaveSenseLive\Update\1.3.23.0\goopdateres_sw.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ta.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_te.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_th.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_tr.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_uk.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ur.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_vi.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-CN.dll c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-TW.dll c:\program files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll c:\program files\SaveSenseLive\Update\1.3.23.0\psmachine.dll c:\program files\SaveSenseLive\Update\1.3.23.0\psuser.dll c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHelper.msi c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe c:\program files\SaveSenseLive\Update\SaveSenseLive.exe c:\program files\SearchProtect c:\program files\SearchProtect\EULA.txt c:\program files\SearchProtect\Main\bin\CltMngSvc.exe c:\program files\SearchProtect\Main\bin\SPTool.dll c:\program files\SearchProtect\Main\bin\uninstall.exe c:\program files\SearchProtect\Main\rep\SystemRepository.dat c:\program files\SearchProtect\SearchProtect\bin\cltmng.exe c:\program files\SearchProtect\SearchProtect\bin\SPTool64.exe c:\program files\SearchProtect\SearchProtect\bin\SPVC32.dll c:\program files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\program files\SearchProtect\SearchProtect\bin\SPVC64.dll c:\program files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll c:\program files\SearchProtect\UI\bin\cltmngui.exe c:\program 
files\SearchProtect\UI\dialogs\Images\Apply-default.png c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png c:\program files\SearchProtect\UI\dialogs\Images\bg-uninstall.png c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png c:\program files\SearchProtect\UI\dialogs\Images\bg.png c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png c:\program files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png c:\program files\SearchProtect\UI\dialogs\Images\button-bg.png c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png c:\program files\SearchProtect\UI\dialogs\Images\hez.png c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png c:\program 
files\SearchProtect\UI\dialogs\Images\radio-button2.png c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png c:\program files\SearchProtect\UI\dialogs\Images\text-field.png c:\program files\SearchProtect\UI\dialogs\Images\v.png c:\program files\SearchProtect\UI\dialogs\Images\x.png c:\program files\SearchProtect\UI\dialogs\libs\defaults.js c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js c:\program files\SearchProtect\UI\dialogs\libs\main.js c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js c:\program files\SearchProtect\UI\dialogs\protection\defaults.js c:\program files\SearchProtect\UI\dialogs\protection\protection.css c:\program files\SearchProtect\UI\dialogs\protection\protection.html c:\program files\SearchProtect\UI\dialogs\protection\protection.js c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js c:\program files\SearchProtect\UI\dialogs\settings.html c:\program files\SearchProtect\UI\dialogs\settings\defaults.js c:\program files\SearchProtect\UI\dialogs\settings\settings.css c:\program files\SearchProtect\UI\dialogs\settings\settings.html c:\program files\SearchProtect\UI\dialogs\settings\settings.js c:\program files\SearchProtect\UI\dialogs\style.css c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js c:\programdata\2308189059 c:\programdata\SaveSenseLive c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log c:\programdata\WinSpeed 
c:\programdata\WinSpeed\WinSpeed.dll c:\programdata\WinSpeed\WinSpeedSvc.dll c:\users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo c:\users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo\191\background.html c:\users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo\191\content.js c:\users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo\191\lsdb.js c:\users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo\191\manifest.json c:\users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo\191\nPVm.js c:\users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hnkkhbbhipldmgjflneimpacklkiogpo_0.localstorage c:\users\Petra\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense c:\users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url c:\users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url c:\users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk c:\users\Petra\AppData\Roaming\SaveSense c:\users\Petra\AppData\Roaming\SaveSense\UpdateProc\config.dat c:\users\Petra\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_savesenselive -------\Service_savesenselivem -------\Service_savesenselivem . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-20 bis 2014-08-20 )))))))))))))))))))))))))))))) . . 2014-08-20 13:31 . 
2014-08-20 13:31 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F1D26CA-7B4A-41A4-A021-48FAC4B6D29F}\MpKsl82aa16a2.sys 2014-08-20 12:12 . 2014-08-20 12:12 -------- dc----w- c:\program files\VS Revo Group 2014-08-20 10:32 . 2014-08-20 10:31 893248 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF33478A-8C1D-45E0-9359-71FF4BFBA164}\gapaengine.dll 2014-08-20 10:31 . 2014-08-07 09:05 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F1D26CA-7B4A-41A4-A021-48FAC4B6D29F}\mpengine.dll 2014-08-19 14:34 . 2014-08-19 14:38 -------- dc----w- C:\FRST 2014-08-19 14:13 . 2014-08-19 14:13 -------- dc----w- c:\program files\SmarotCompAre 2014-08-19 09:35 . 2014-08-07 09:05 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-08-17 07:33 . 2014-08-19 14:13 -------- d-----w- c:\programdata\b089358267e0237d 2014-08-17 07:33 . 2014-08-20 06:18 -------- d-----w- c:\programdata\SmarotCompAre 2014-08-14 06:05 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-14 06:04 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-14 06:04 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe 2014-08-14 06:04 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-13 07:05 . 2014-07-24 17:50 223232 ----a-w- c:\program files\Internet Explorer\ielowutil.exe 2014-07-31 08:04 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll 2014-07-31 08:04 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe 2014-07-31 08:04 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll 2014-07-31 08:04 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll 2014-07-31 08:04 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll 2014-07-31 08:04 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll 2014-07-31 08:04 . 
2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll 2014-07-31 08:04 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll 2014-07-31 08:04 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe 2014-07-27 18:34 . 2014-07-27 18:37 -------- d-----w- c:\users\Petra\AppData\Local\Rocket 2014-07-27 18:33 . 2014-07-27 18:33 -------- d-----w- c:\users\Petra\AppData\Roaming\RocketUpdater . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-09 10:17 . 2013-03-29 18:39 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-07-09 10:17 . 2013-03-29 18:39 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-06-18 01:51 . 2014-07-09 10:04 646144 ----a-w- c:\windows\system32\osk.exe 2014-06-06 09:44 . 2014-07-09 10:04 509440 ----a-w- c:\windows\system32\qedit.dll 2014-06-05 14:26 . 2014-07-09 10:03 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-05-30 07:52 . 2014-07-09 10:03 172032 ----a-w- c:\windows\system32\wdigest.dll 2014-05-30 07:52 . 2014-07-09 10:03 65536 ----a-w- c:\windows\system32\TSpkg.dll 2014-05-30 07:52 . 2014-07-09 10:03 247808 ----a-w- c:\windows\system32\schannel.dll 2014-05-30 07:52 . 2014-07-09 10:03 220160 ----a-w- c:\windows\system32\ncrypt.dll 2014-05-30 07:52 . 2014-07-09 10:03 259584 ----a-w- c:\windows\system32\msv1_0.dll 2014-05-30 07:52 . 2014-07-09 10:04 550912 ----a-w- c:\windows\system32\kerberos.dll 2014-05-30 07:52 . 2014-07-09 10:03 17408 ----a-w- c:\windows\system32\credssp.dll 2014-05-30 06:36 . 2014-07-09 10:04 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2014-02-10 20:19 . 2014-02-10 20:19 49940480 -c--a-w- c:\program files\GUT8DC9.tmp . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2014-08-07 10:51 297128 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672] "NextLive"="c:\users\Petra\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904] "AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2012-05-30 64608] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-05-16 4395104] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-07-05 2342200] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576] . c:\users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-8-15 36414752] Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN36RB5H2205RQ;CONNECTION=NW;MONITOR=1; [2009-7-14 44544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 f1f78e38;WinSpeed;c:\windows\system32\rundll32.exe [2009-07-14 44544] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 45736] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-05-16 280640] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120] R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver_AMDASF.sys [2012-07-05 22840] R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2012-07-05 23608] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-30 1343400] R4 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-06-23 165784] R4 CltMngSvc;Search Protect Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [x] S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-05-16 25416] S1 MpKsl82aa16a2;MpKsl82aa16a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F1D26CA-7B4A-41A4-A021-48FAC4B6D29F}\MpKsl82aa16a2.sys [2014-08-20 39464] S1 wStLibG;wStLibG;c:\windows\system32\drivers\wStLibG.sys [2014-04-21 52920] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 
Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] S3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\DRIVERS\SWNC8U01.sys [2007-01-12 102144] S3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\DRIVERS\swumx01.sys [2007-01-12 70656] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc FontCache Mcx2Svc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-08-15 06:38 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-06 10:17] . 2014-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-31 05:17] . 2014-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-31 05:17] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.max-start.com/?babsrc=HP_ss_mib2&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221 mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=AT&userid=fc84b881-dbc4-fd8c-c066-be1e7643f9a2&searchtype=ds&q={searchTerms}&installDate=21/12/2013 IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 10.0.0.138 10.0.0.138 FF - ProfilePath - c:\users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/ FF - user.js: extensions.irmysearch.aflt - dvd_14_15_ff FF - user.js: extensions.irmysearch.instlRef - 140305_b FF - user.js: extensions.irmysearch.cr - 294409713 FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q FF - user.js: extensions.mysearchdial.hmpg - true FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= FF - user.js: extensions.mysearchdial.dfltSrch - true FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial FF - user.js: extensions.mysearchdial.dnsErr - true FF - user.js: extensions.mysearchdial_i.newTab - false FF - user.js: extensions.mysearchdial.newTabUrl - 
hxxp://start.mysearchdial.com/?f=2&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir= FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir=&q= FF - user.js: extensions.mysearchdial.id - 00A0D5FFFF8556E9 FF - user.js: extensions.mysearchdial.instlDay - 16173 FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0 FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0 FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.09:32 FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial FF - user.js: extensions.mysearchdial.prdct - mysearchdial FF - user.js: extensions.mysearchdial.aflt - dvd_14_15_ff FF - user.js: extensions.mysearchdial_i.smplGrp - none FF - user.js: extensions.mysearchdial.tlbrId - base FF - user.js: extensions.mysearchdial.instlRef - 140305_b FF - user.js: extensions.mysearchdial.dfltLng - FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} FF - user.js: extensions.mysearchdial.excTlbr - false FF - user.js: extensions.mysearchdial.cr - 294409713 FF - user.js: extensions.mysearchdial.cd - 
2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q FF - user.js: extensions.mysearchdial.AL - 2 FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221 FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221 FF - user.js: extensions.buenosearch.id - 285c56e900000000000000a0d5ffff85 FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F} FF - user.js: extensions.buenosearch.instlDay - 16178 FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7 FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7 FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.720:33 FF - user.js: extensions.buenosearch.prtnrId - buenosearch FF - user.js: extensions.buenosearch.prdct - buenosearch FF - user.js: extensions.buenosearch.aflt - babsst FF - user.js: extensions.buenosearch.smplGrp - none FF - user.js: extensions.buenosearch.tlbrId - base FF - user.js: extensions.buenosearch.instlRef - sst FF - user.js: extensions.buenosearch.dfltLng - en FF - user.js: extensions.buenosearch.excTlbr - false FF - user.js: extensions.buenosearch.ffxUnstlRst - true FF - user.js: extensions.buenosearch.admin - false FF - user.js: extensions.buenosearch.autoRvrt - false FF - user.js: extensions.buenosearch.rvrt - false FF - user.js: extensions.buenosearch.newTab - false FF - user.js: extensions.nspdlrckt.aflt - rckt_dvd_14_30_ff FF - user.js: extensions.nspdlrckt.instlRef - 142905_a FF - user.js: extensions.nspdlrckt.cr - 1449151023 FF - user.js: extensions.nspdlrckt.cd - 
2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzytAzytN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCzz0E0B0EzytByDtGtAyEtDyCtGzzyC0FtAtGyCyE0CtBtGtAyEyByByEtBtCtAyC0AtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe AddRemove-DVDStyler_is1 - e:\dvdstyler\unins000.exe AddRemove-Inkscape - e:\inkscape\Uninstall.exe AddRemove-SaveSense - c:\program files\SaveSense\uninst.exe AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38} - c:\progra~2\WinSpeed\WinSpeed.dll . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(1160) c:\program files\ThinkPad\Bluetooth Software\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\windows\system32\AEADISRV.EXE c:\program files\ThinkPad\Bluetooth Software\btwdins.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Lenovo\Access Connections\AcSvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\fxssvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\users\Petra\AppData\Local\FilesFrog Update Checker\update_checker.exe c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2014-08-20 16:03:55 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-08-20 14:03 . Vor Suchlauf: 9 Verzeichnis(se), 33.766.735.872 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 33.481.146.368 Bytes frei . - - End Of File - - FE368DF2BCF0771D8DF184D1BE37A3B6 A36C5E4F47E84449FF07ED3517B43A31 |
21.08.2014, 10:57 | #6 |
/// the machine /// TB Trainer | Windows 7 - Ad windows open everywhere Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
21.08.2014, 13:27 | #7 |
| Windows 7 - Ad windows open everywhere Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.08.2014 Suchlauf-Zeit: 13:28:45 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.21.03 Rootkit Datenbank: v2014.08.16.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Petra Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 289379 Verstrichene Zeit: 11 Min, 52 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.ClearThink.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ClearThink, In Quarantäne, [d463d7f2453668cedc88fd50c4403dc3], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 55 PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.AL", 2);), Ersetzt,[2413d5f49ae15bdb0bbc749764a1758b] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.aflt", "dvd_14_15_ff");), Ersetzt,[e84fecdd5d1e26102e9944c77c89a45c] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Ersetzt,[10278e3bf982cb6bf5d29c6fa362a55b] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: 
(user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q");), Ersetzt,[c86ff1d8364542f4d3f4e02bba4b0df3] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cntry", "AT");), Ersetzt,[44f306c3d8a3b086cdfa26e53ec731cf] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cr", "294409713");), Ersetzt,[60d78148b5c6c0769532c9429a6b9b65] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltLng", "");), Ersetzt,[a5926c5d7a01b383398e57b448bd5ca4] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltSrch", true);), Ersetzt,[0433f8d13c3f74c218aff4177a8b08f8] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dnsErr", true);), Ersetzt,[61d66e5be79446f07c4b3dceef16827e] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dpkLst", 
"3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");), Ersetzt,[d66120a9cab158de883f2ae134d1f808] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dpk_blck", "true");), Ersetzt,[162105c4ceadb3830eb9ed1ef80d966a] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dpk_prompt", "true");), Ersetzt,[52e57752df9cf73f1fa866a535d0dd23] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.excTlbr", false);), Ersetzt,[b3847653df9c15213e8931daf80dd729] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hdrMd5", "A5A491E48FAFF463FCB5498995D4C79A");), Ersetzt,[4ee9c50438436bcbd3f4a36856af639d] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpg", true);), Ersetzt,[f245cbfec1ba86b00cbba46728ddbb45] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", 
"hxxp://start.mysearchdial.com/?f=1&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir=");), Ersetzt,[eb4c7554e49772c44780c843798c817f] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.id", "00A0D5FFFF8556E9");), Ersetzt,[e5525178bdbe65d124a3db30976e7888] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlDay", "16173");), Ersetzt,[8bac0ebb106bd165b4139b707293857b] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlRef", "140305_b");), Ersetzt,[1f18f0d9b6c58aacbb0c15f68f76c040] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastB", "hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11409&pf=V7&trgb=FF&p2=Ersetzt,[2a0d26a37a01cd69eadd3ecd13f2d62a]EBBHErsetzt,[2a0d26a37a01cd69eadd3ecd13f2d62a]EOSJ000Ersetzt,[2a0d26a37a01cd69eadd3ecd13f2d62a]EYYErsetzt,[2a0d26a37a01cd69eadd3ecd13f2d62a]EAT&gct=hp&apn_ptnrs=BBH&apn_dtid=Ersetzt,[2a0d26a37a01cd69eadd3ecd13f2d62a]EOSJ000Ersetzt,[2a0d26a37a01cd69eadd3ecd13f2d62a]EYYErsetzt,[2a0d26a37a01cd69eadd3ecd13f2d62a]EAT&apn_dbr=ff_29.0.1.5239&apn_uid=EAD48ECA-816D-4240-A8A3-C6383825D6EF&itbv=12.10.6.48&doi=2014-05-11&psv=");), Ersetzt,[2a0d26a37a01cd69eadd3ecd13f2d62a] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, 
Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.09:32:57");), Ersetzt,[9e995b6e116a93a3ad1a5caf49bce61a] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir=");), Ersetzt,[71c626a37704f73fcbfcbf4cce37d22e] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");), Ersetzt,[f3441faae89361d5d1f6ef1c669f9d63] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Ersetzt,[cc6bd8f18af1e2548a3d9576976ea759] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Ersetzt,[ca6d35949fdc102682452cdf9c69f010] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.sg", "none");), Ersetzt,[eb4c1eab27545bdb0abd43c8c63f49b7] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.srchPrvdr", 
"Mysearchdial");), Ersetzt,[ff38a920a4d7e4529334aa61ae57af51] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrId", "base");), Ersetzt,[40f712b74833102607c0e02b867fc63a] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDtGyBzzyCtDtGtB0EyEyBtGyB0A0EtA0C0Ezz0DzztB0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzz0Fzy0D0EtDtGtDtByB0CtGtDyE0FyDtG0DyEtB0FtGtB0A0ByCyC0Ezy0E0AyBtBtA2Q&cr=294409713&ir=&q=");), Ersetzt,[67d0e3e67308f5418e39e328b74ec13f] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");), Ersetzt,[fe396564275487af3d8a10fb669fcf31] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");), Ersetzt,[cb6c05c4304be65014b3b15ab64fa45c] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.newTab", false);), Ersetzt,[8aada4255526af8700c75dae759033cd] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Ersetzt,[999ed6f3afccd1658f38d338f90c04fc] PUP.Optional.MySearchDial.A, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: 
(user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.09:32:57");), Ersetzt,[39fe2e9bafcc989e5b6cf11a9372e719] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.admin", false);), Ersetzt,[bb7c8b3e3348b482ede0b05c37ceb848] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.aflt", "babsst");), Ersetzt,[73c4bc0d96e56bcb923b4fbd3cc9b44c] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), Ersetzt,[bc7b7356d2a9f3435b72020a56afa060] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.autoRvrt", "false");), Ersetzt,[73c44e7b1d5e30062f9e63a9d23303fd] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.dfltLng", "en");), Ersetzt,[e5528148d6a5f93d7459c04c28dda060] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.excTlbr", false);), Ersetzt,[5bdcd1f888f3d660ffce3bd162a358a8] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), Ersetzt,[71c6b712fd7ed462f2dbc8449a6b5ca4] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.id", "285c56e900000000000000a0d5ffff85");), Ersetzt,[9b9c3e8b423954e24687c04c9d68aa56] 
PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.instlDay", "16178");), Ersetzt,[1522a4252655360007c60dff7590f60a] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.instlRef", "sst");), Ersetzt,[d06718b1cbb03bfb894437d533d2a65a] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.newTab", false);), Ersetzt,[082f6564bcbf1e186f5e10fce12412ee] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.prdct", "buenosearch");), Ersetzt,[47f0b118a2d9cf67e5e855b7b3522dd3] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), Ersetzt,[93a4deeb94e76bcbede048c4a85d23dd] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.rvrt", "false");), Ersetzt,[54e3b51483f8a294b31aa9636d98ff01] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.smplGrp", "none");), Ersetzt,[77c091382a514cead7f6ac60c73e8080] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221");), Ersetzt,[003709c0e398fe38c5084fbdb253eb15] PUP.Optional.BuenoSearch, 
C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.tlbrId", "base");), Ersetzt,[74c338917803c0769a3312fa4fb6cc34] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221");), Ersetzt,[5cdb8e3b582370c67c517a92887d9e62] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), Ersetzt,[8daad4f5f487da5c20add438ed18a957] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.720:33:45");), Ersetzt,[1f18a42547342f07705da26aa65f1fe1] PUP.Optional.BuenoSearch, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), Ersetzt,[c96e7950f2890a2c18b577952adbfb05] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.308 - Bericht erstellt am 21/08/2014 um 14:06:06 # Aktualisiert 20/08/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : Petra - PETRA-PC # Gestartet von : C:\Users\Petra\Downloads\adwcleaner_3.308.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : APNMCP [#] Dienst Gelöscht : BackupStack [#] Dienst Gelöscht : f1f78e38 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\ProgramData\SmarotCompAre Ordner Gelöscht : C:\Program Files\AskPartnerNetwork Ordner Gelöscht : C:\Program Files\Mobogenie Ordner Gelöscht : C:\Program Files\MyPC Backup Ordner Gelöscht : C:\Program Files\SiteLookup Ordner Gelöscht : C:\Program Files\SmarotCompAre Ordner Gelöscht : C:\Users\Petra\AppData\Local\AskPartnerNetwork Ordner Gelöscht : C:\Users\Petra\AppData\Local\genienext Ordner Gelöscht : C:\Users\Petra\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Petra\AppData\Local\Rocket Ordner Gelöscht : C:\Users\Petra\AppData\Roaming\0F1F1C2Y1H1P1C0I0T Ordner Gelöscht : C:\Users\Petra\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Petra\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Petra\AppData\Roaming\RocketUpdater Ordner Gelöscht : C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Ordner Gelöscht : C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Ordner Gelöscht : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\aeg9tng9.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} Ordner Gelöscht : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\aeg9tng9.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b} Ordner Gelöscht : 
C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\aeg9tng9.default\Extensions\staged\ffxtlbr@mysearchdial.com Ordner Gelöscht : C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Petra\daemonprocess.txt Datei Gelöscht : C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk Datei Gelöscht : C:\Users\Petra\Desktop\MyPC Backup.lnk Datei Gelöscht : C:\Users\Petra\Desktop\Sync Folder.lnk Datei Gelöscht : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\invalidprefs.js Datei Gelöscht : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\searchplugins\ask-search.xml Datei Gelöscht : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\aeg9tng9.default\user.js Datei Gelöscht : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\user.js ***** [ Tasks ] ***** Task Gelöscht : LaunchSignup Task Gelöscht : Optimizer Pro Schedule Task Gelöscht : SomotoUpdateCheckerAutoStart ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartCComparrEE.SmartCComparrEE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartCComparrEE.SmartCComparrEE.4.41 Schlüssel Gelöscht : HKCU\Software\59edb8ab13ab948 Schlüssel Gelöscht : 
HKLM\SOFTWARE\59edb8ab13ab948 Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audacity_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audacity_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27C572D4-D209-746F-1D56-894A25116BD1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{27C572D4-D209-746F-1D56-894A25116BD1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\Rocket Browser Schlüssel Gelöscht : HKCU\Software\RocketUpdater Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Somoto Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore Schlüssel Gelöscht : HKLM\SOFTWARE\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\aeg9tng9.default\prefs.js ]

[ Datei : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\prefs.js ]

Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Zeile gelöscht : user_pref("extensions.buenosearch.admin", false);
Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false);
Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.buenosearch.id", "285c56e900000000000000a0d5ffff85");
Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16178");
Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false);
Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch");
Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Zeile gelöscht : user_pref("extensions.buenosearch.rvrt", "false");
Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221");
Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=285C00A0D5FFFF85&affID=128492&tsp=5221");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.720:33:45");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "dvd_14_15_ff");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDyDt[...]
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "294409713");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "140305_b");
Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "dvd_14_15_ff");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyDtBzzyCyCtA0FtG0EtCtDy[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "AT");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "294409713");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.dpk_blck", "true");
Zeile gelöscht : user_pref("extensions.mysearchdial.dpk_prompt", "true");
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "A5A491E48FAFF463FCB5498995D4C79A");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEt[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "00A0D5FFFF8556E9");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16173");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_b");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11409&pf=V7&trgb=FF&p2=%5EBBH%5EOSJ000%5EYY%5EAT&gct=hp&apn_ptnrs=BBH&apn_dtid=%5EOSJ000%5EYY%5EAT&apn_dbr=ff_2[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.09:32:57");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCy[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dvd_14_15_ff&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0FzzyDyDyC0EzytN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1Czut[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.09:32:57");

-\\ Google Chrome v36.0.1985.143

*************************

AdwCleaner[R0].txt - [18962 octets] - [21/08/2014 14:04:23]
AdwCleaner[S0].txt - [18752 octets] - [21/08/2014 14:06:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18813 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Petra on 21.08.2014 at 14:17:00,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4103409644-2115618623-1480157512-1001\Software\sweetim

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{00C34365-323A-491A-9DB2-F0C8F00CBE14}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{04F3588D-0204-420D-BB85-361BC2393F64}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{582CF778-57D5-4158-A7BA-94CB9B5622A8}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{5EB99C9A-60B7-472F-B0EB-0234BDC39603}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{5F75AAF1-365A-4D11-9D79-8536E2D97E6A}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{63BAAFE8-5485-4A35-8BC9-EFDBE089ADF5}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{731E331F-4129-4627-9DB6-2B54087D9D9B}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{7826BDC8-8F41-4A8D-A93F-F51037D64ABC}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{7B9F2A39-A1FC-4DDE-BD59-73914D1F96A7}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{857DCD37-EA65-43AF-A4AA-F67FF80EEE21}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{86ED7B08-365F-4C35-84F2-7EEA7BE032E4}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{8B65F44A-AA2B-4CAF-8FCC-7060971BB418}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{8D0A8B1A-C8B3-4EB7-89AE-5F7F6E99CE61}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{8DDCF6D7-75D2-4357-A1DD-373FEE4773D7}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{8E7B7C8E-AF63-40C6-8B2C-96B73FB4CBE9}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{90789995-3954-4B4C-AB67-18761DB8AA6A}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{95BA580C-3BF2-4C5F-85EA-544E0F6873C5}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{A5473894-2480-44ED-BA19-C0792F3746AC}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{AB3D2FD4-DDE6-4875-B56C-42990EA1F0B1}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{B66D9E33-CFDD-405E-9539-36BDCD56892C}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{B73C8102-48DC-4B1E-B1AE-D423EFC42137}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{CD84C476-544D-4963-B894-BE1FDCCD2477}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{D02E1600-49B9-4F71-9417-03641D6B14CD}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{D9F03070-6B7D-4FEC-BE55-9FDC5E7154BF}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{E2E35461-DF30-4ACD-9B18-DAAC06902C2E}
Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{EFD214A3-0AE0-40C8-8715-822F313EBC60}

~~~ FireFox

Emptied folder: C:\Users\Petra\AppData\Roaming\mozilla\firefox\profiles\tvr59cp9.default\minidumps [44 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.08.2014 at 14:21:10,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by Petra (administrator) on PETRA-PC on 21-08-2014 14:24:20
Running from C:\Users\Petra\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Dropbox, Inc.) C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Thisisu) C:\Users\Petra\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-4103409644-2115618623-1480157512-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xABF32BFAA22CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-720720720720} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Site Advisor - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-21]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-05-20]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-31]
CHR Extension: (No Name) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop [2013-11-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134240 2012-05-30] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [273504 2012-05-30] (Lenovo)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [22840 2012-07-05] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [23608 2012-07-05] (Synaptics Incorporated)
R3 SWNC8U01; C:\Windows\System32\DRIVERS\SWNC8U01.sys [102144 2007-01-12] (Sierra Wireless Inc.)
R3 SWUMX01; C:\Windows\System32\DRIVERS\swumx01.sys [70656 2007-01-12] (Sierra Wireless Inc.)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52920 2014-04-21] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Petra\AppData\Local\Temp\catchme.sys [X]
S3 HSF_DPV; system32\DRIVERS\HSX_DPV.sys [X]
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 winachsf; system32\DRIVERS\HSX_CNXT.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 14:21 - 2014-08-21 14:21 - 00003705 _____ () C:\Users\Petra\Desktop\JRT.txt
2014-08-21 14:16 - 2014-08-21 14:16 - 01016261 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe
2014-08-21 14:16 - 2014-08-21 14:16 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 14:13 - 2014-08-21 14:13 - 00016939 _____ () C:\Users\Petra\Desktop\mbam.txt
2014-08-21 14:09 - 2014-08-21 14:09 - 00065536 ___HT () C:\Users\Petra\~Outlook.pst.tmp
2014-08-21 14:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-21 14:04 - 2014-08-21 14:06 - 00000000 ___DC () C:\AdwCleaner
2014-08-21 13:30 - 2014-08-21 13:30 - 01364531 _____ () C:\Users\Petra\Downloads\adwcleaner_3.308.exe
2014-08-21 11:05 - 2014-08-21 14:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 11:05 - 2014-08-21 11:05 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ___DC () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 11:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 11:05 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 11:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 11:03 - 2014-08-21 11:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petra\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00001107 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ___DC () C:\Program Files\Foxit Software
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-08-21 10:18 - 2014-08-21 10:18 - 16461048 _____ (Foxit Corporation ) C:\Users\Petra\Downloads\foxit-pdf-reader [1].exe
2014-08-21 10:17 - 2014-08-21 10:17 - 00752472 _____ ( ) C:\Users\Petra\Downloads\foxit-pdf-reader.exe
2014-08-20 16:03 - 2014-08-20 16:03 - 00033723 ____C () C:\ComboFix.txt
2014-08-20 15:37 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-20 15:37 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-20 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-20 15:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-20 15:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-20 15:37 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-20 15:37 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-20 15:37 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-20 15:31 - 2014-08-20 16:04 - 00000000 ___DC () C:\Qoobox
2014-08-20 15:30 - 2014-08-20 16:01 - 00000000 ____D () C:\Windows\erdnt
2014-08-20 15:29 - 2014-08-20 15:30 - 05572251 ____R (Swearware) C:\Users\Petra\Downloads\ComboFix.exe
2014-08-20 14:12 - 2014-08-20 14:12 - 00001233 _____ () C:\Users\Petra\Desktop\Revo Uninstaller.lnk
2014-08-20 14:12 - 2014-08-20 14:12 - 00000000 ___DC () C:\Program Files\VS Revo Group
2014-08-20 08:18 - 2014-08-21 14:07 - 00133974 _____ () C:\Windows\PFRO.log
2014-08-20 08:18 - 2014-08-21 14:07 - 00000280 _____ () C:\Windows\setupact.log
2014-08-20 08:18 - 2014-08-20 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-19 16:35 - 2014-08-21 14:24 - 00012465 _____ () C:\Users\Petra\Downloads\FRST.txt
2014-08-19 16:34 - 2014-08-21 14:24 - 00000000 ___DC () C:\FRST
2014-08-19 16:33 - 2014-08-19 16:33 - 01093632 _____ (Farbar) C:\Users\Petra\Downloads\FRST.exe
2014-08-17 09:33 - 2014-08-19 16:13 - 00000000 ____D () C:\ProgramData\b089358267e0237d
2014-08-14 08:05 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 08:04 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 08:04 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 08:04 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 09:06 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 09:06 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 09:06 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 09:06 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 09:06 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 09:06 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 09:06 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 09:06 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 09:06 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 09:06 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 09:06 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 09:06 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 09:06 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 09:06 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 09:06 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 09:06 - 2014-07-16 04:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 09:06 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 09:06 - 2014-07-16 03:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 09:06 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 09:06 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 09:06 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 09:06 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 09:06 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 09:06 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 09:06 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 09:06 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 09:05 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 09:05 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 09:05 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 09:05 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 09:05 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 09:05 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 09:05 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 09:05 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 09:05 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 09:05 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 09:05 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-08 13:53 - 2014-08-08 13:54 - 29553288 _____ (DVDVideoSoft Ltd. ) C:\Users\Petra\Downloads\FreeYouTubeToMP3Converter(2).exe
2014-08-07 20:53 - 2014-08-07 20:53 - 00000964 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-31 10:04 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 10:04 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 10:04 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 10:04 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 10:04 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 10:04 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 10:04 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 10:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 10:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-30 14:49 - 2014-07-30 18:36 - 00000000 ____D () C:\Users\Petra\Downloads\GSpot270a
2014-07-30 14:36 - 2014-07-30 14:36 - 00000000 ____D () C:\Users\Petra\Documents\GSpot270a
2014-07-30 14:35 - 2014-07-30 14:35 - 00411509 _____ () C:\Users\Petra\Downloads\GSpot270a.zip
2014-07-27 20:40 - 2014-07-27 20:40 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-27 20:35 - 2014-07-27 20:35 - 00001656 _____ () C:\Users\Public\Desktop\Free AVI Video Converter.lnk
2014-07-24 20:29 - 2014-07-24 20:29 - 00004608 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 14:25 - 2014-08-19 16:35 - 00012465 _____ () C:\Users\Petra\Downloads\FRST.txt
2014-08-21 14:24 - 2014-08-19 16:34 - 00000000 ___DC () C:\FRST
2014-08-21 14:21 - 2014-08-21 14:21 - 00003705 _____ () C:\Users\Petra\Desktop\JRT.txt
2014-08-21 14:20 - 2013-12-24 15:53 - 25666560 _____ () C:\Users\Petra\Outlook.pst
2014-08-21 14:17 - 2013-11-06 20:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 14:17 - 2013-05-31 07:17 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 14:16 - 2014-08-21 14:16 - 01016261 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe
2014-08-21 14:16 - 2014-08-21 14:16 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 14:15 - 2009-07-14 06:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 14:15 - 2009-07-14 06:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 14:13 - 2014-08-21 14:13 - 00016939 _____ () C:\Users\Petra\Desktop\mbam.txt
2014-08-21 14:12 - 2013-03-29 16:22 - 01316309 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 14:10 - 2014-08-21 11:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 14:09 - 2014-08-21 14:09 - 00065536 ___HT () C:\Users\Petra\~Outlook.pst.tmp
2014-08-21 14:09 - 2013-03-29 16:33 - 00000000 ____D () C:\Users\Petra
2014-08-21 14:08 - 2013-06-24 10:30 - 00000000 ___RD () C:\Users\Petra\Dropbox
2014-08-21 14:08 - 2013-06-24 10:27 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Dropbox
2014-08-21 14:08 - 2013-05-31 07:17 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 14:07 - 2014-08-20 08:18 - 00133974 _____ () C:\Windows\PFRO.log
2014-08-21 14:07 - 2014-08-20 08:18 - 00000280 _____ () C:\Windows\setupact.log
2014-08-21 14:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 14:06 - 2014-08-21 14:04 - 00000000 ___DC () C:\AdwCleaner
2014-08-21 14:01 - 2012-08-23 09:22 - 00000000 ____D () C:\Windows\de
2014-08-21 14:01 - 2009-07-14 06:33 - 00409176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 13:30 - 2014-08-21 13:30 - 01364531 _____ () C:\Users\Petra\Downloads\adwcleaner_3.308.exe
2014-08-21 11:22 - 2012-08-23 18:00 - 00000000 ____D () C:\Windows\OEM
2014-08-21 11:05 - 2014-08-21 11:05 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ___DC () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 11:04 - 2014-08-21 11:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petra\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00001107 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ___DC () C:\Program Files\Foxit Software
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-08-21 10:18 - 2014-08-21 10:18 - 16461048 _____ (Foxit Corporation ) C:\Users\Petra\Downloads\foxit-pdf-reader [1].exe
2014-08-21 10:18 - 2013-11-26 19:36 - 00000000 ____D () C:\Users\Petra\AppData\Local\CrashDumps
2014-08-21 10:17 - 2014-08-21 10:17 - 00752472 _____ ( ) C:\Users\Petra\Downloads\foxit-pdf-reader.exe
2014-08-20 16:04 - 2014-08-20 15:31 - 00000000 ___DC () C:\Qoobox
2014-08-20 16:03 - 2014-08-20 16:03 - 00033723 ____C () C:\ComboFix.txt
2014-08-20 16:03 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-08-20 16:03 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-08-20 16:01 - 2014-08-20 15:30 - 00000000 ____D () C:\Windows\erdnt
2014-08-20 15:59 - 2009-07-14 04:04 - 00000215 ____C () C:\Windows\system.ini
2014-08-20 15:49 - 2009-07-14 04:03 - 51642368 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-20 15:49 - 2009-07-14 04:03 - 16515072 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-20 15:49 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-20 15:49 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-20 15:49 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-20 15:30 - 2014-08-20 15:29 - 05572251 ____R (Swearware) C:\Users\Petra\Downloads\ComboFix.exe
2014-08-20 14:12 - 2014-08-20 14:12 - 00001233 _____ () C:\Users\Petra\Desktop\Revo Uninstaller.lnk
2014-08-20 14:12 - 2014-08-20 14:12 - 00000000 ___DC () C:\Program Files\VS Revo Group
2014-08-20 08:18 - 2014-08-20 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-19 16:33 - 2014-08-19 16:33 - 01093632 _____ (Farbar) C:\Users\Petra\Downloads\FRST.exe
2014-08-19 16:28 - 2014-01-22 15:18 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\inkscape
2014-08-19 16:15 - 2012-08-23 18:01 - 00000000 ____D () C:\Windows\Panther
2014-08-19 16:13 - 2014-08-17 09:33 - 00000000 ____D () C:\ProgramData\b089358267e0237d
2014-08-19 16:12 - 2013-04-27 19:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-19 16:07 - 2013-06-24 10:27 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 16:21 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 08:43 - 2013-05-31 07:22 - 00002128 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-14 21:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-14 08:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 08:26 - 2014-05-07 09:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 08:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-14 08:10 - 2013-04-07 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-08 13:59 - 2014-05-05 20:11 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-08-08 13:58 - 2013-05-20 21:00 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\DVDVideoSoft
2014-08-08 13:57 - 2013-05-20 21:01 - 00002283 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-08-08 13:54 - 2014-08-08 13:53 - 29553288 _____ (DVDVideoSoft Ltd. ) C:\Users\Petra\Downloads\FreeYouTubeToMP3Converter(2).exe
2014-08-07 20:53 - 2014-08-07 20:53 - 00000964 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-07 20:53 - 2014-01-09 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-07 03:43 - 2014-08-13 09:06 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-13 09:06 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 15:49 - 2013-11-24 13:28 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\HpUpdate
2014-08-03 16:48 - 2013-11-21 12:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-31 09:55 - 2014-05-11 20:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 18:36 - 2014-07-30 14:49 - 00000000 ____D () C:\Users\Petra\Downloads\GSpot270a
2014-07-30 14:36 - 2014-07-30 14:36 - 00000000 ____D () C:\Users\Petra\Documents\GSpot270a
2014-07-30 14:35 - 2014-07-30 14:35 - 00411509 _____ () C:\Users\Petra\Downloads\GSpot270a.zip
2014-07-27 20:40 - 2014-07-27 20:40 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-27 20:35 - 2014-07-27 20:35 - 00001656 _____ () C:\Users\Public\Desktop\Free AVI Video Converter.lnk
2014-07-27
20:35 - 2013-05-20 21:01 - 00001208 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-07-27 20:32 - 2013-11-21 12:17 - 00001104 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-27 20:15 - 2014-04-20 20:58 - 00000578 _____ () C:\Users\Petra\Desktop\DVDStyler.lnk 2014-07-26 08:11 - 2012-08-23 08:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 09:09 - 2012-08-23 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-24 20:29 - 2014-07-24 20:29 - 00004608 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-24 20:07 - 2014-08-13 09:06 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-24 19:58 - 2014-08-13 09:06 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-24 19:57 - 2014-08-13 09:05 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-24 19:52 - 2014-08-13 09:06 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-24 19:51 - 2014-08-13 09:06 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-24 19:51 - 2014-08-13 09:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-24 19:50 - 2014-08-13 09:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-24 19:50 - 2014-08-13 09:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-24 19:49 - 2014-08-13 09:06 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-24 19:49 - 2014-08-13 09:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 00142848 
_____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-24 19:48 - 2014-08-13 09:06 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-07-24 19:48 - 2014-08-13 09:06 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-07-24 19:48 - 2014-08-13 09:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-24 19:47 - 2014-08-13 09:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll Some content of TEMP: ==================== C:\Users\Petra\AppData\Local\temp\CloudBackup6268.exe C:\Users\Petra\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxnczz.dll C:\Users\Petra\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-17 09:56 ==================== End Of Log ============================
Regards, Petra - I'm surprised at everything I can do! |
22.08.2014, 13:18 | #8 |
/// the machine /// TB trainer | Windows 7 - Ad windows open everywhere
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations, guides and help, Trojaner-Board Facebook page. No help via PM! |
22.08.2014, 21:30 | #9 |
| Windows 7 - Ad windows open everywhere
Code:
ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=3df0e1a6fd7c2f4b905158f3479d9cd8 # engine=19787 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-08-22 08:02:05 # local_time=2014-08-22 10:02:05 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 12143325 31718119 0 0 # scanned=166733 # found=51 # cleaned=0 # scan_time=9162 sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\nengine.dll.vir" sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra\AppData\Roaming\0F1F1C2Y1H1P1C0I0T\Foxit Reader Packages\uninstaller.exe.vir" sh=AAEA2D2C15813161F9E114E6E1708CE545D5C8CA ft=1 fh=0022d452663e533e vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SaveSense\SaveSenseUpdateVer.exe.vir" sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SaveSenseLive\Update\SaveSenseLive.exe.vir" sh=10903598F769E2AC5F1E2372E90F6722A3A860B7 ft=1 fh=89560075533c3d40 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir" sh=88482528CE4F67A1004B50BA93282CEACCEDE534 ft=1 fh=e40b702402e604d5 vn="Win32/SaveSense.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\psmachine.dll.vir" sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe.vir" sh=70D49B9ABA391E6976DAB5C4BEA63733459B3F1C ft=1 fh=0b76a05977e7722a vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe.vir" sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe.vir" sh=F09B9B9B1D16D1539D23CC6ACDE0DC7BC983DF59 ft=1 fh=2dbadf99ca2df2d7 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe.vir" sh=A5E3F508640EDB634C378CBF054CFED5D31EB6EB ft=1 fh=6cbbb63b96e95196 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir" sh=F13E89EB4B266266C781D119EF61D43A531F572E ft=1 fh=f4753109fd425d5c vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir" sh=0BFCC57D92BE5D592F192715663B5881583DCD91 ft=1 fh=c33b19cfb5833110 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir" sh=3A63F35D807A4ED2C989AF70D56EDA4701471AEA ft=1 fh=c78bba67b6b31d5a vn="Variante von Win32/Conduit.SearchProtect.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir" sh=21FEF8C9149B513AEEEB01B07F889431DCD9882B ft=1 fh=514ee34223cecbba vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir" sh=E98350C0EC8B68DD5E2EFF54D0696B17F42B49AA ft=1 fh=ae7c022d12f5796d vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir" sh=F9D5F9CF729BB78318192DABD07C1B79FAC5E725 ft=1 fh=d760b971a4102f06 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir" sh=E56BC0B5E1977186872B6C7846EBD2A87325894B ft=1 fh=950fcdea9c93786f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir" sh=AF4D8A8F8DD7AA9E49B6E90D3E423000D7E4EDAD ft=1 fh=81c1049b16b8ad1c vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir" sh=E18E67AF494118B8B73EC4EC2269E89AA9C18237 ft=1 fh=d7d3a79201d8389a vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir" sh=58194D24471CA7888FCD01035E5845794FE6AC97 ft=1 fh=c71c00116b12b075 vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\WinSpeed\WinSpeed.dll.vir" sh=4F9C3763DFB97EE3C1072FD8931CCBFBE66003EF ft=1 fh=86510af3b79c7b30 vn="Variante von Win32/SProtector.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\WinSpeed\WinSpeedSvc.dll.vir" sh=AAEA2D2C15813161F9E114E6E1708CE545D5C8CA ft=1 fh=0022d452663e533e vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Petra\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe.vir" sh=DEC9EFA1F4CE8558C3FB07A2041FA04CC712DDCC ft=1 fh=4a32bee255015d64 vn="Variante von Win32/InstallCore.OX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Petra\Downloads\foxit-pdf-reader.exe" sh=09D7C13322C32E3A6E321A2694094BC66E81B3A4 ft=1 fh=255fa89cab5626e7 vn="Win32/Toolbar.Babylon.M evtl. unerwünschte Anwendung" ac=I fn="F:\Petra\AppData\Local\Temp\BEB9.tmp" sh=035EF1A19AFC0D423C85505DB17D2859FAC2250F ft=1 fh=b94a471135a3d38b vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="F:\Petra\AppData\Roaming\BabSolution\Shared\BabMaint.exe" sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="F:\Petra\AppData\Roaming\BabSolution\Shared\BUSolution.dll" sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="F:\Petra\AppData\Roaming\OpenCandy\797CDFBD146149328E144678946C4E7A\DeltaTB.exe" sh=A58FE6880A76C1364B17A235951ABE9C95FC7299 ft=1 fh=1ab78df13745b7f5 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="F:\Program Files\Delta\delta\1.8.21.5\deltaApp.dll" sh=D987048C3FF42F81F39E3B15E57F32AF7AA0BD00 ft=1 fh=47df87911e710cf9 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="F:\Program Files\Delta\delta\1.8.21.5\deltaEng.dll" sh=781F353EA130DCB9C496D35204CB5AB96C4DCCBF ft=1 fh=7e2601b6c3711131 vn="Variante von Win32/Toolbar.Montiera.A evtl. 
unerwünschte Anwendung" ac=I fn="F:\Program Files\Delta\delta\1.8.21.5\deltasrv.exe" sh=02515F710B884FF8B426B43DF8C9B05E943B6AED ft=1 fh=d9df6fa40224409d vn="Win32/Toolbar.Babylon.G evtl. unerwünschte Anwendung" ac=I fn="F:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll" sh=AE0BF6A9D8E66B04214FEBB5BF4B086E8AA34498 ft=1 fh=502ed3b2eef6754b vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="F:\Program Files\Delta\delta\1.8.21.5\uninstall.exe" sh=DFB461F520B77E9CF268FDFBFFBBB624C7EA5064 ft=1 fh=0fb3be40d7aae6ee vn="Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="F:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll" sh=C6F59FF745E3EE5D9E53E924BC7603A5FDFD7D34 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2013-12-01 194952\Backup Files 2013-12-01 194952\Backup files 1.zip" sh=98C2B53D2FD744EFE8FE5404EC34BAC16639DD71 ft=0 fh=0000000000000000 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2013-12-01 194952\Backup Files 2013-12-08 190001\Backup files 1.zip" sh=717B30DC4EE28E26EBFEC2898F7B8E14141568E3 ft=0 fh=0000000000000000 vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2013-12-01 194952\Backup Files 2013-12-29 190001\Backup files 1.zip" sh=315FCF1C06E566087B05F421C8F86DE3B74DBFCF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-01-05 190000\Backup Files 2014-01-05 190000\Backup files 1.zip" sh=C3AED488F8A33A9FC48AE7C7B2583B6852186F80 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-03-24 082831\Backup Files 2014-03-24 082831\Backup files 1.zip" sh=C7EBE776C686C6A81E10F0F733C98EBD2E3BEB3B ft=0 fh=0000000000000000 vn="Variante von Win32/DealPly.S evtl. 
unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-03-24 082831\Backup Files 2014-04-13 190003\Backup files 1.zip" sh=3B982B18EA6A0AA19C8779629CA60D99F1181409 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-03-24 082831\Backup Files 2014-04-20 202025\Backup files 1.zip" sh=8033E53B2E9BC23DFD104CD8A17BABC0E99B91FA ft=0 fh=0000000000000000 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-03-24 082831\Backup Files 2014-04-27 194013\Backup files 1.zip" sh=AD6BAABC9515000C88E9D6C17329FD6FBCD8ACB7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-03-24 082831\Backup Files 2014-05-11 195932\Backup files 1.zip" sh=7EBF4D11C0B1379B8D1D69763A77C08D62E1FD93 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-05-18 191037\Backup Files 2014-05-18 191037\Backup files 1.zip" sh=9366F9A85B947E6EA72FA8128DD530BE3CE96653 ft=0 fh=0000000000000000 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-05-18 191037\Backup Files 2014-05-18 191037\Backup files 2.zip" sh=0A8FC9E042C3DB8EDB9269589AE900CB6F395039 ft=0 fh=0000000000000000 vn="Variante von Win32/KoyoteLab.A evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-05-18 191037\Backup Files 2014-05-18 191037\Backup files 3.zip" sh=A4A1A00AC1D44A8354D4FBB444E86B0C95A7E5E0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-07-20 195637\Backup Files 2014-07-20 195637\Backup files 1.zip" sh=3E6B059E73B4D7904ED87AEC78D6D90BC4D2AAD6 ft=0 fh=0000000000000000 vn="Variante von Win32/Somoto.D evtl. 
unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-07-20 195637\Backup Files 2014-07-20 195637\Backup files 2.zip" sh=8B26687D220240FE5988A3DB2BDC05052AA53738 ft=0 fh=0000000000000000 vn="Variante von Win32/KoyoteLab.A evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-07-20 195637\Backup Files 2014-07-20 195637\Backup files 5.zip" sh=7A71A2E996021885C4E066E7451C29717B2987A5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-07-20 195637\Backup Files 2014-08-11 084237\Backup files 1.zip" sh=C64E986A5419EA45D9D64D60CAFEB0214265F4DB ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.PS evtl. unerwünschte Anwendung" ac=I fn="F:\PETRA-PC\Backup Set 2014-07-20 195637\Backup Files 2014-08-11 084237\Backup files 2.zip" Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED! Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014 Ran by Petra (administrator) on PETRA-PC on 22-08-2014 22:28:29 Running from C:\Users\Petra\Downloads Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Analog Devices, Inc.) 
C:\Program Files\Analog Devices\Core\smax4pnp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Dropbox, Inc.) C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Lenovo.) 
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe () C:\Users\Petra\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [64608 2012-05-30] (Lenovo) HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2342200 2012-07-05] (Synaptics Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKU\S-1-5-21-4103409644-2115618623-1480157512-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xABF32BFAA22CCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {D27CDB6E-AE6D-11CF-96B8-720720720720} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default FF Homepage: https://www.google.at/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Site Advisor - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-21] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-05-20] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-31] CHR Extension: (No Name) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop [2013-11-16] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134240 2012-05-30] (Lenovo) R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [273504 2012-05-30] (Lenovo) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [22840 2012-07-05] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [23608 2012-07-05] (Synaptics Incorporated) R3 SWNC8U01; C:\Windows\System32\DRIVERS\SWNC8U01.sys [102144 2007-01-12] (Sierra Wireless Inc.) R3 SWUMX01; C:\Windows\System32\DRIVERS\swumx01.sys [70656 2007-01-12] (Sierra Wireless Inc.) R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52920 2014-04-21] (StdLib) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Petra\AppData\Local\Temp\catchme.sys [X] S3 HSF_DPV; system32\DRIVERS\HSX_DPV.sys [X] S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X] S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) S3 winachsf; system32\DRIVERS\HSX_CNXT.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-22 22:28 - 2014-08-22 22:28 - 00000000 ____D () C:\Users\Petra\Downloads\FRST-OlderVersion 2014-08-22 22:25 - 2014-08-22 22:25 - 00854417 _____ () C:\Users\Petra\Downloads\SecurityCheck.exe 2014-08-22 22:22 - 2014-08-22 22:22 - 00065536 ___HT () C:\Users\Petra\~Outlook.pst.tmp 2014-08-22 19:25 - 2014-08-22 19:25 - 02347384 _____ (ESET) C:\Users\Petra\Downloads\esetsmartinstaller_deu.exe 2014-08-22 19:25 - 2014-08-22 19:25 - 00000000 ___DC () C:\Program Files\ESET 2014-08-21 14:16 - 2014-08-21 14:16 - 01016261 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe 2014-08-21 14:16 - 2014-08-21 14:16 - 00000000 ____D () C:\Windows\ERUNT 2014-08-21 14:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-08-21 14:04 - 2014-08-21 14:06 - 00000000 ___DC () C:\AdwCleaner 2014-08-21 13:30 - 2014-08-21 13:30 - 01364531 _____ () C:\Users\Petra\Downloads\adwcleaner_3.308.exe 2014-08-21 11:05 - 2014-08-21 14:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-21 11:05 - 2014-08-21 11:05 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ___DC () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-21 11:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-21 11:05 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-21 11:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-21 
11:03 - 2014-08-21 11:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petra\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-21 10:23 - 2014-08-21 10:23 - 00001107 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk 2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ___DC () C:\Program Files\Foxit Software 2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2014-08-21 10:18 - 2014-08-21 10:18 - 16461048 _____ (Foxit Corporation ) C:\Users\Petra\Downloads\foxit-pdf-reader [1].exe 2014-08-21 10:17 - 2014-08-21 10:17 - 00752472 _____ ( ) C:\Users\Petra\Downloads\foxit-pdf-reader.exe 2014-08-20 16:03 - 2014-08-20 16:03 - 00033723 ____C () C:\ComboFix.txt 2014-08-20 15:37 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-20 15:37 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-20 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-20 15:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-20 15:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-20 15:37 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-20 15:37 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-20 15:37 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-20 15:31 - 2014-08-20 16:04 - 00000000 ___DC () C:\Qoobox 2014-08-20 15:30 - 2014-08-20 16:01 - 00000000 ____D () C:\Windows\erdnt 2014-08-20 15:29 - 2014-08-20 15:30 - 05572251 ____R (Swearware) C:\Users\Petra\Downloads\ComboFix.exe 2014-08-20 14:12 - 2014-08-20 14:12 - 00001233 _____ () C:\Users\Petra\Desktop\Revo Uninstaller.lnk 2014-08-20 14:12 - 2014-08-20 14:12 - 00000000 ___DC () C:\Program Files\VS Revo Group 2014-08-20 08:18 - 2014-08-21 14:07 - 00133974 _____ () C:\Windows\PFRO.log 2014-08-20 08:18 - 2014-08-21 14:07 - 00000280 _____ () C:\Windows\setupact.log 2014-08-20 08:18 - 2014-08-20 08:18 - 00000000 _____ () 
C:\Windows\setuperr.log 2014-08-19 16:35 - 2014-08-22 22:28 - 00013796 _____ () C:\Users\Petra\Downloads\FRST.txt 2014-08-19 16:34 - 2014-08-22 22:28 - 00000000 ___DC () C:\FRST 2014-08-19 16:33 - 2014-08-22 22:28 - 01094144 ____C (Farbar) C:\Users\Petra\Downloads\FRST.exe 2014-08-17 09:33 - 2014-08-19 16:13 - 00000000 ____D () C:\ProgramData\b089358267e0237d 2014-08-14 08:05 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-14 08:04 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-14 08:04 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-14 08:04 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 09:06 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-13 09:06 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-13 09:06 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 09:06 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-13 09:06 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 09:06 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 09:06 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-13 09:06 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-13 09:06 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-13 09:06 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-13 09:06 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-13 09:06 - 2014-07-16 04:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-13 09:06 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 09:06 - 2014-07-16 03:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 09:06 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 09:06 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 09:06 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-13 09:06 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-13 09:06 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 09:06 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 09:06 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 09:06 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 09:05 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 09:05 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-13 09:05 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 
2014-08-13 09:05 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-13 09:05 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 09:05 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 09:05 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-13 09:05 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-13 09:05 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-13 09:05 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-13 09:05 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-08 13:53 - 2014-08-08 13:54 - 29553288 _____ (DVDVideoSoft Ltd. 
) C:\Users\Petra\Downloads\FreeYouTubeToMP3Converter(2).exe 2014-08-07 20:53 - 2014-08-07 20:53 - 00000964 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-07-31 10:04 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-07-31 10:04 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-07-31 10:04 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-07-31 10:04 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-07-31 10:04 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-07-31 10:04 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-07-31 10:04 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-07-31 10:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-07-31 10:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-07-30 14:49 - 2014-07-30 18:36 - 00000000 ____D () C:\Users\Petra\Downloads\GSpot270a 2014-07-30 14:36 - 2014-07-30 14:36 - 00000000 ____D () C:\Users\Petra\Documents\GSpot270a 2014-07-30 14:35 - 2014-07-30 14:35 - 00411509 _____ () C:\Users\Petra\Downloads\GSpot270a.zip 2014-07-27 20:40 - 2014-07-27 20:40 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-27 20:35 - 2014-07-27 20:35 - 00001656 _____ () C:\Users\Public\Desktop\Free AVI Video Converter.lnk 2014-07-24 20:29 - 2014-07-24 20:29 - 00004608 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-22 22:29 - 2014-08-19 16:35 - 00013796 _____ () C:\Users\Petra\Downloads\FRST.txt 2014-08-22 22:28 - 2014-08-22 22:28 - 00000000 ____D () C:\Users\Petra\Downloads\FRST-OlderVersion 2014-08-22 22:28 - 2014-08-19 16:34 - 00000000 ___DC () C:\FRST 2014-08-22 22:28 - 2014-08-19 16:33 - 01094144 ____C (Farbar) C:\Users\Petra\Downloads\FRST.exe 2014-08-22 22:28 - 2013-12-24 15:53 - 25666560 _____ () C:\Users\Petra\Outlook.pst 2014-08-22 22:25 - 2014-08-22 22:25 - 00854417 _____ () C:\Users\Petra\Downloads\SecurityCheck.exe 2014-08-22 22:22 - 2014-08-22 22:22 - 00065536 ___HT () C:\Users\Petra\~Outlook.pst.tmp 2014-08-22 22:22 - 2013-03-29 16:33 - 00000000 ____D () C:\Users\Petra 2014-08-22 22:17 - 2013-11-06 20:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-22 22:17 - 2013-05-31 07:17 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-22 20:02 - 2013-03-29 16:22 - 01377165 _____ () C:\Windows\WindowsUpdate.log 2014-08-22 19:25 - 2014-08-22 19:25 - 02347384 _____ (ESET) C:\Users\Petra\Downloads\esetsmartinstaller_deu.exe 2014-08-22 19:25 - 2014-08-22 19:25 - 00000000 ___DC () C:\Program Files\ESET 2014-08-22 11:57 - 2013-05-31 07:17 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-21 16:44 - 2010-11-20 23:01 - 01648454 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-21 14:16 - 2014-08-21 14:16 - 01016261 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe 2014-08-21 14:16 - 2014-08-21 14:16 - 00000000 ____D () C:\Windows\ERUNT 2014-08-21 14:15 - 2009-07-14 06:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-21 14:15 - 2009-07-14 06:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-21 14:10 - 2014-08-21 11:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-21 14:08 - 
2013-06-24 10:30 - 00000000 ___RD () C:\Users\Petra\Dropbox 2014-08-21 14:08 - 2013-06-24 10:27 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Dropbox 2014-08-21 14:07 - 2014-08-20 08:18 - 00133974 _____ () C:\Windows\PFRO.log 2014-08-21 14:07 - 2014-08-20 08:18 - 00000280 _____ () C:\Windows\setupact.log 2014-08-21 14:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-21 14:06 - 2014-08-21 14:04 - 00000000 ___DC () C:\AdwCleaner 2014-08-21 14:01 - 2012-08-23 09:22 - 00000000 ____D () C:\Windows\de 2014-08-21 14:01 - 2009-07-14 06:33 - 00409176 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-21 13:30 - 2014-08-21 13:30 - 01364531 _____ () C:\Users\Petra\Downloads\adwcleaner_3.308.exe 2014-08-21 11:23 - 2012-08-23 18:00 - 00000000 ____D () C:\Windows\OEM 2014-08-21 11:05 - 2014-08-21 11:05 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ___DC () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-21 11:05 - 2014-08-21 11:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-21 11:04 - 2014-08-21 11:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petra\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-21 10:23 - 2014-08-21 10:23 - 00001107 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk 2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ___DC () C:\Program Files\Foxit Software 2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2014-08-21 10:18 - 2014-08-21 10:18 - 16461048 _____ (Foxit Corporation ) C:\Users\Petra\Downloads\foxit-pdf-reader [1].exe 2014-08-21 10:18 - 2013-11-26 19:36 - 00000000 ____D () C:\Users\Petra\AppData\Local\CrashDumps 2014-08-21 10:17 - 2014-08-21 10:17 - 00752472 _____ ( ) C:\Users\Petra\Downloads\foxit-pdf-reader.exe 2014-08-20 
16:04 - 2014-08-20 15:31 - 00000000 ___DC () C:\Qoobox 2014-08-20 16:03 - 2014-08-20 16:03 - 00033723 ____C () C:\ComboFix.txt 2014-08-20 16:03 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-08-20 16:03 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-08-20 16:01 - 2014-08-20 15:30 - 00000000 ____D () C:\Windows\erdnt 2014-08-20 15:59 - 2009-07-14 04:04 - 00000215 ____C () C:\Windows\system.ini 2014-08-20 15:49 - 2009-07-14 04:03 - 51642368 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-08-20 15:49 - 2009-07-14 04:03 - 16515072 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-08-20 15:49 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-08-20 15:49 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-08-20 15:49 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-08-20 15:30 - 2014-08-20 15:29 - 05572251 ____R (Swearware) C:\Users\Petra\Downloads\ComboFix.exe 2014-08-20 14:12 - 2014-08-20 14:12 - 00001233 _____ () C:\Users\Petra\Desktop\Revo Uninstaller.lnk 2014-08-20 14:12 - 2014-08-20 14:12 - 00000000 ___DC () C:\Program Files\VS Revo Group 2014-08-20 08:18 - 2014-08-20 08:18 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-19 16:28 - 2014-01-22 15:18 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\inkscape 2014-08-19 16:15 - 2012-08-23 18:01 - 00000000 ____D () C:\Windows\Panther 2014-08-19 16:13 - 2014-08-17 09:33 - 00000000 ____D () C:\ProgramData\b089358267e0237d 2014-08-19 16:12 - 2013-04-27 19:26 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-19 16:07 - 2013-06-24 10:27 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-15 08:43 - 2013-05-31 07:22 - 00002128 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-14 21:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-08-14 08:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-14 
08:26 - 2014-05-07 09:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-14 08:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-14 08:10 - 2013-04-07 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-08 13:59 - 2014-05-05 20:11 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-08-08 13:58 - 2013-05-20 21:00 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\DVDVideoSoft 2014-08-08 13:57 - 2013-05-20 21:01 - 00002283 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-08-08 13:57 - 2013-05-20 21:00 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-08-08 13:54 - 2014-08-08 13:53 - 29553288 _____ (DVDVideoSoft Ltd. ) C:\Users\Petra\Downloads\FreeYouTubeToMP3Converter(2).exe 2014-08-07 20:53 - 2014-08-07 20:53 - 00000964 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-08-07 20:53 - 2014-01-09 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-08-07 03:43 - 2014-08-13 09:06 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 03:39 - 2014-08-13 09:06 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-04 15:49 - 2013-11-24 13:28 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\HpUpdate 2014-08-03 16:48 - 2013-11-21 12:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-31 09:55 - 2014-05-11 20:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-30 18:36 - 2014-07-30 14:49 - 00000000 ____D () C:\Users\Petra\Downloads\GSpot270a 2014-07-30 14:36 - 2014-07-30 14:36 - 00000000 ____D () C:\Users\Petra\Documents\GSpot270a 2014-07-30 14:35 - 2014-07-30 14:35 - 00411509 _____ () 
C:\Users\Petra\Downloads\GSpot270a.zip 2014-07-27 20:40 - 2014-07-27 20:40 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-27 20:35 - 2014-07-27 20:35 - 00001656 _____ () C:\Users\Public\Desktop\Free AVI Video Converter.lnk 2014-07-27 20:35 - 2013-05-20 21:01 - 00001208 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-07-27 20:32 - 2013-11-21 12:17 - 00001104 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-27 20:15 - 2014-04-20 20:58 - 00000578 _____ () C:\Users\Petra\Desktop\DVDStyler.lnk 2014-07-26 08:11 - 2012-08-23 08:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 09:09 - 2012-08-23 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-24 20:29 - 2014-07-24 20:29 - 00004608 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-24 20:07 - 2014-08-13 09:06 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-24 19:58 - 2014-08-13 09:06 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-24 19:57 - 2014-08-13 09:05 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-24 19:52 - 2014-08-13 09:06 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-24 19:51 - 2014-08-13 09:06 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-24 19:51 - 2014-08-13 09:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-24 19:50 - 2014-08-13 09:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-24 19:50 - 2014-08-13 09:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-24 19:49 - 2014-08-13 09:06 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-24 19:49 - 2014-08-13 09:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-24 19:49 - 2014-08-13 09:05 
- 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-24 19:49 - 2014-08-13 09:05 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-24 19:48 - 2014-08-13 09:06 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-07-24 19:48 - 2014-08-13 09:06 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-07-24 19:48 - 2014-08-13 09:06 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-07-24 19:48 - 2014-08-13 09:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-24 19:47 - 2014-08-13 09:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll Some content of TEMP: ==================== C:\Users\Petra\AppData\Local\temp\CloudBackup6268.exe C:\Users\Petra\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxnczz.dll C:\Users\Petra\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-17 09:56
==================== End Of Log ============================
No, I haven't had any problems since yesterday - can you also tell me where I might have picked this up? Regards |
23.08.2014, 17:39 | #10 |
/// the machine /// TB instructor | Windows 7 - Ad windows open everywhere There was a lot of adware. Delete the backup on E. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.08.2014, 18:47 | #11 |
| Windows 7 - Ad windows open everywhere Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:23-08-2014
Ran by Petra at 2014-08-23 19:43:04 Run:1
Running from C:\Users\Petra\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ==== |
24.08.2014, 06:52 | #12 |
/// the machine /// TB instructor | Windows 7 - Ad windows open everywhere Done |
24.08.2014, 07:24 | #13 |
| Windows 7 - Ad windows open everywhere Hello Schrauber - I just noticed that on various websites words are double-underlined in blue - when I hover the cursor over them a window appears - Update your Flashplayer??? Is this starting all over again???? |
24.08.2014, 10:16 | #14 |
/// the machine /// TB instructor | Windows 7 - Ad windows open everywhere In which browser? |
24.08.2014, 10:24 | #15 |
| Windows 7 - Ad windows open everywhere Mozilla Firefox - besides, I am constantly asked to update something, JAVA, Flash Player etc. - it always opens by itself. This is from the ComboFix uninstall - is that OK? Code:
ATTFilter ComboFix 14-08-24.01 - Petra 24.08.2014 8:32.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3062.1946 [GMT 2:00] ausgeführt von:: c:\users\Petra\Downloads\uninstall.exe.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-24 bis 2014-08-24 )))))))))))))))))))))))))))))) . . 2014-08-24 06:42 . 2014-08-24 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-23 17:59 . 2014-08-23 18:01 -------- d-----w- c:\windows\system32\MRT 2014-08-23 17:18 . 2014-08-21 02:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0759764B-88A2-42B4-BB1B-9A13FB899820}\mpengine.dll 2014-08-22 11:56 . 2014-08-21 02:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-08-21 12:16 . 2014-08-21 12:16 -------- d-----w- c:\windows\ERUNT 2014-08-21 12:05 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll 2014-08-21 12:04 . 2014-08-21 12:06 -------- dc----w- C:\AdwCleaner 2014-08-21 09:05 . 2014-08-21 12:10 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-21 09:05 . 2014-08-21 09:05 -------- dc----w- c:\program files\ Malwarebytes Anti-Malware 2014-08-21 09:05 . 2014-08-21 09:05 -------- d-----w- c:\programdata\Malwarebytes 2014-08-21 09:05 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-21 09:05 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-21 09:05 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-08-21 08:23 . 2014-08-21 08:23 -------- dc----w- c:\program files\Foxit Software 2014-08-20 13:49 . 
2014-08-24 06:42 -------- d-----w- c:\users\Petra\AppData\Local\temp
2014-08-20 12:12 . 2014-08-20 12:12 -------- dc----w- c:\program files\VS Revo Group
2014-08-20 10:32 . 2014-08-20 10:31 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF33478A-8C1D-45E0-9359-71FF4BFBA164}\gapaengine.dll
2014-08-19 14:34 . 2014-08-23 17:43 -------- dc----w- C:\FRST
2014-08-17 07:33 . 2014-08-19 14:13 -------- d-----w- c:\programdata\b089358267e0237d
2014-08-14 06:05 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 06:04 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 06:04 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 06:04 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 07:05 . 2014-07-24 17:50 223232 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2014-07-31 08:04 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-07-31 08:04 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-31 08:04 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-31 08:04 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-07-31 08:04 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-07-31 08:04 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-07-31 08:04 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-07-31 08:04 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-31 08:04 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 10:17 . 2013-03-29 18:39 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 10:17 . 2013-03-29 18:39 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-18 01:51 . 2014-07-09 10:04 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-06 09:44 . 2014-07-09 10:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 10:03 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-09 10:03 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-09 10:03 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 10:03 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-09 10:03 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 10:03 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 10:04 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-09 10:03 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-09 10:04 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-02-10 20:19 . 2014-02-10 20:19 49940480 -c--a-w- c:\program files\GUT8DC9.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Petra\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2012-05-30 64608]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-05-16 4395104]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-07-05 2342200]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
c:\users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-8-15 36414752]
Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN36RB5H2205RQ;CONNECTION=NW;MONITOR=1; [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver_AMDASF.sys [2012-07-05 22840]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2012-07-05 23608]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-30 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-05-16 25416]
S1 wStLibG;wStLibG;c:\windows\system32\drivers\wStLibG.sys [2014-04-21 52920]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-05-16 280640]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\DRIVERS\SWNC8U01.sys [2007-01-12 102144]
S3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\DRIVERS\swumx01.sys [2007-01-12 70656]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc FontCache Mcx2Svc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 06:38 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-06 10:17]
.
2014-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-31 05:17]
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-31 05:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
mStart Page = www.google.com
uSearchAssistant = www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\tvr59cp9.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Foxit Reader Packages - c:\users\Petra\AppData\Roaming\0F1F1C2Y1H1P1C0I0T\Foxit Reader Packages\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-24 08:45:55
ComboFix-quarantined-files.txt 2014-08-24 06:45
ComboFix2.txt 2014-08-20 14:03
.
Vor Suchlauf: 14 Verzeichnis(se), 32.254.050.304 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 32.249.466.880 Bytes frei
.
- - End Of File - - 941EB42DF3D51B60E70B920009C50DA6 A36C5E4F47E84449FF07ED3517B43A31 |