Win Vista: Virus or registry messed up? Group policies are blocking / programs cannot be installed

Hello dear Trojaner-Board team,

I came across this exciting forum through a Google search. Having already tried quite a few things myself, I hope someone here can help me!

I use Windows Vista Home Premium. McAfee is active for virus protection. While I have always kept McAfee up to date, I neglected other updates because I (mistakenly?) considered myself already protected by McAfee. However, I read here in the forum that it is essential to also install Java, Acrobat, Windows and similar updates promptly. I have since caught up on that, but of course that helps little in retrospect.

The misery began a little over a week ago, when I noticed that my McAfee Internet Security Suite was not active. When I tried to start it, this was prevented with the message „Dieses Programm wurde durch eine Gruppenrichtlinie geblockt“ ("This program was blocked by a group policy"). I then downloaded a problem-analysis tool from McAfee called "Virtual Technician". This program could not be started in normal operation, but in safe mode it could. In safe mode the McAfee suite could also be started.

A few days earlier I had let CCleaner clean up my system once again. I had also let it tidy up the registry. Whether there is a connection here, I cannot judge.

I contacted McAfee support via chat. There, via remote maintenance, they updated my registry so that the McAfee suite started again in normal Windows operation as well. It all went so quickly that I could not follow exactly what was done. Afterwards I ran a complete scan of my system. McAfee found numerous viruses, but these were in e-mails that were already in the junk mail folder (and therefore had not been opened by me).
That did not fully resolve the problem, however. For example, I could not and still cannot start the program Sandboxie; again the group policies block it. As I have since learned, there is no Group Policy Editor in Vista Home Premium. And I searched in vain for instructions on where the registry needs to be fixed.

Because misfortune seldom comes alone, my computer crashed last Friday. One long and two short beeps were all it produced at startup, which pointed to a defective graphics card. I consider a connection with the problems described at the start unlikely. The cause was probably overheating of the computer the evening before (I had placed it on a chair with a fabric cover, which was probably bad for heat dissipation). Because I wanted my system back as quickly as possible, I took an unusual route: I bought a used laptop of the same brand (Acer Aspire 8730), which, because of the age of the device, was faster and cheaper than any professional repair. Then I installed the hard disk of my old laptop in the new used one. That worked almost without problems.

The new used laptop, however, has a different graphics card (AMD Radeon HD 4650). To drive it properly, I downloaded the corresponding "AMD Catalyst" software from the net. However, it cannot be installed. The installation runs through but reports at the end "there were problems", without specifying them further. The hoped-for tools are not to be found on the system. I can imagine that here again malware and/or wrong group policies are preventing the installation. So currently I have to make do with a low resolution that is distorted in aspect ratio, since I can only fall back on standard VGA drivers.
Through a Google search for the "group policy" problem I came across this forum. I first read a few posts in the hope of finding a solution directly, without having to open a thread of my own. Because it was suggested elsewhere, I downloaded "Malwarebytes Anti-Malware" and ran it. The program found some threats and fixed them. Because the problems (Sandboxie does not start, graphics drivers cannot be installed) persisted, I then ran "AdwCleaner" and the "Junkware Removal Tool". Unfortunately, AdwCleaner removed my "Babylon translation tool" from the system. I probably should have looked more closely at everything the cleaner intended to clean. I am attaching the corresponding log files of the programs.

When the problems of my system persisted, it slowly became clear to me that I cannot get this misery under control myself. It is also unclear to me whether there is (still) malware on my system or whether "only" some registry entries are botched. So, following the board instructions, I ran Defogger, FRST and GMER. I am posting those results as well.

I also wanted to include the results of an ESET Online Scan here. I started the program yesterday afternoon. Around midnight it was only 50% finished. This morning the computer had restarted, so I have no results from this tool. Because I would rather not wait another day for a result that may not even be necessary, I am skipping this scan for now.

I apologize for this rather long account and hope someone can help me here. In advance I would like to thank everyone who managed to keep up their interest and attention to this point.
Kind regards,
Chris

----

Here now are the log files in the order in which they were created: (I have to put some log files in a second post, because this one would otherwise be too long.)

Malwarebytes Anti-Malware Scan Log:
AdwCleaner[R0].txt
ATTFilter # AdwCleaner v3.308 - Bericht erstellt am 21/08/2014 um 10:54:36 # Aktualisiert 20/08/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : cek - HANAUMA_BAY # Gestartet von : D:\___________\adwcleaner_3.308.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll Datei Gefunden : C:\Users\cek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk Datei Gefunden : C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi Datei Gefunden : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pj8ad90r.default\.autoreg Ordner Gefunden : C:\Program Files\Babylon Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gefunden : C:\Program Files\Convesoft Ordner Gefunden : C:\Program Files\StartSearch plugin Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\ProgramData\WPM Ordner Gefunden : C:\Users\cek\AppData\Local\Babylon Ordner Gefunden : C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj Ordner Gefunden : C:\Users\cek\AppData\Roaming\Babylon Ordner Gefunden : C:\Users\Chris\AppData\Local\Babylon Ordner Gefunden : C:\Users\Chris\AppData\Local\Temp\Babylon Ordner Gefunden : C:\Users\Chris\AppData\Roaming\Babylon ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** Verknüpfung Gefunden : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727 ) Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727 ) Verknüpfung Gefunden : C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet 
Explorer.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727 ) Verknüpfung Gefunden : C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727 ) ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command [(Default)] - "C:\Program Files\Safari\Safari.exe" hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727 Schlüssel Gefunden : HKCU\Software\Babylon Schlüssel Gefunden : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin Schlüssel Gefunden : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\StartSearch Schlüssel Gefunden : HKCU\Software\STool Schlüssel Gefunden : HKCU\Software\vShare.tv Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\.bdc Schlüssel Gefunden : HKLM\SOFTWARE\Classes\.bgl Schlüssel Gefunden : HKLM\SOFTWARE\Classes\.bof Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyDict Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyGloss Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyOptFile Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\074A36B543391D44FA16C62EBD65A59E Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\074A36B543391D44FA16C62EBD65A59E Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5} Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\074A36B543391D44FA16C62EBD65A59E Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16457 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\prefs.js ] [ Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pj8ad90r.default\prefs.js ] -\\ Google Chrome v36.0.1985.143 [ Datei : C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gefunden [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms} Gefunden [Search Provider] : 
hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms} Gefunden [Extension] : bopakagnckmlgajfccecajhnimjiiedh Gefunden [Extension] : kpionmjnkbpcdpcflammlgllecmejgjj Gefunden [Extension] : pkndmigholgfjlniaohblojbhgjbkakn ************************* AdwCleaner[R0].txt - [8245 octets] - [21/08/2014 10:54:36] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8305 octets] ########## Code:
ATTFilter # AdwCleaner v3.308 - Bericht erstellt am 21/08/2014 um 11:03:34 # Aktualisiert 20/08/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : cek - HANAUMA_BAY # Gestartet von : D:\___________\adwcleaner_3.308.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files\Babylon Ordner Gelöscht : C:\Program Files\Convesoft Ordner Gelöscht : C:\Program Files\StartSearch plugin Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\cek\AppData\Local\Babylon Ordner Gelöscht : C:\Users\cek\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Chris\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Chris\AppData\Local\Temp\Babylon Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj Datei Gelöscht : C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi Datei Gelöscht : C:\Users\cek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pj8ad90r.default\.autoreg Datei Gelöscht : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ***** [ Registrierungsdatenbank ] ***** 
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bdc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bgl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\STool
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\074A36B543391D44FA16C62EBD65A59E

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16457

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\prefs.js ]

[ Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pj8ad90r.default\prefs.js ]

-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : kpionmjnkbpcdpcflammlgllecmejgjj
Gelöscht [Extension] : pkndmigholgfjlniaohblojbhgjbkakn

*************************

AdwCleaner[R0].txt - [8385 octets] - [21/08/2014 10:54:36]
AdwCleaner[S0].txt - [7739 octets] - [21/08/2014 11:03:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7799 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by cek on 21.08.2014 at 11:20:07,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Program Files\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\cek\AppData\Roaming\thinstall"

~~~ FireFox

Emptied folder: C:\Users\cek\AppData\Roaming\mozilla\firefox\profiles\mpq4xo1a.default-1388938982893\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.08.2014 at 11:26:29,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-08-2014
Ran by cek (administrator) on HANAUMA_BAY on 22-08-2014 10:08:56
Running from D:\___________
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apache Software Foundation) D:\xampp\apache\bin\apache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\FileZilla Server\FileZilla server.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\AntiVirus\ Malwarebytes Anti-Malware \mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() D:\xampp\mysql\bin\mysqld.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Apache Software Foundation) D:\xampp\apache\bin\apache.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(BitTorrent Inc.) C:\Users\cek\AppData\Roaming\uTorrent\uTorrent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor Corp.) C:\Users\cek\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() D:\___________\Defogger.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [417792 2008-11-28] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-10-08] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [173352 2009-03-18] (CyberLink)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\System32\M-AudioTaskBarIcon.exe [356864 2008-05-15] (Avid Technology, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Sandboxie <====== ATTENTION
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Run: [uTorrent] => C:\Users\cek\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\MountPoints2: {8971c6a0-972b-11de-bcaf-00216b684c4c} - G:\QsSetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)
BootExecute: autocheck autochk /p \??\F:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 38.80.72.216:2066
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: FG2CatchUrl -> {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} -> C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: FDMIECookiesBHO Class -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll ()
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893
FF NewTab: chrome://lightning/content/newtab.html
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\cek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\cek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cek\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\cek\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\Extensions\1391865204_xpi [2014-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-03]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2010-10-26]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2010-10-26]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://google.de/"
CHR DefaultSearchKeyword: sweet-page
CHR DefaultSearchURL: hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}
CHR DefaultSuggestURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (vShare.tv plug-in) - C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\cek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\cek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\cek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-09]
CHR Extension: (Google Drive) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-09]
CHR Extension: (YouTube) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-09]
CHR Extension: (Google-Suche) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-09]
CHR Extension: (SiteAdvisor) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-03-09]
CHR Extension: (EditThisCookie) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2013-03-09]
CHR Extension: (Premium Cookie Injector (Multi-Server)) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglhnookgghcefjamdoakhhfamnhodpd [2013-03-09]
CHR Extension: (No Name) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2013-03-09]
CHR Extension: (Google Wallet) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.2; d:\xampp\apache\bin\apache.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [531968 2006-01-11] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-04-05] (Macrovision Europe Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\AntiVirus\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\AntiVirus\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed] R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 mysql; d:\xampp\mysql\bin\mysqld.exe [6447744 2008-11-15] () R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) 
[File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed] R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed] R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] () R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-08-25] (SANDBOXIE L.T.D) S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-05-13] (WiseCleaner.com) S2 TeamViewer9; "C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.) R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.) R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.) R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O) [File not signed] R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG) S3 gtstusbser; C:\Windows\System32\DRIVERS\gtstusbser.sys [103552 2008-11-18] (Option N.V.) R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [54328 2009-12-23] (PACE Anti-Piracy, Inc.) 
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [94336 2010-02-03] (ITE ) S3 LoopBeMidi1; C:\Windows\System32\drivers\loopbe1.sys [10880 2008-01-27] (nerds.de) [File not signed] S3 MADFU003; C:\Windows\System32\DRIVERS\MADFU003.sys [75912 2008-03-14] (M-Audio) S3 MAUSBAP; C:\Windows\System32\DRIVERS\mausbap.sys [143624 2008-03-14] (Avid Technology, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-22] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.) S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.) 
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [62544 2011-10-21] () R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation) S3 RDID1027; C:\Windows\System32\Drivers\rdwm1027.sys [56832 2007-01-22] (Roland Corporation) S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation) R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed] R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed] R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-08-25] (SANDBOXIE L.T.D) R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.) [File not signed] S3 USBNP4X4; C:\Windows\System32\drivers\usbnp4x4.sys [29000 2008-03-14] (Doug Fetter Software Wizardry) S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [33736 2009-08-04] (Yamaha Corporation) S3 gbxavs; System32\Drivers\gbxavs.sys [X] S3 gbxusb; System32\Drivers\gbxusb.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-22 10:08 - 2014-08-22 10:09 - 00000000 ____D () C:\FRST
2014-08-22 10:04 - 2014-08-22 10:04 - 00000000 _____ () C:\Users\cek\defogger_reenable
2014-08-22 03:22 - 2014-08-22 03:22 - 00135464 _____ () C:\Windows\Minidump\Mini082214-03.dmp
2014-08-22 02:56 - 2014-08-22 02:56 - 00135464 _____ () C:\Windows\Minidump\Mini082214-02.dmp
2014-08-22 02:42 - 2014-08-22 02:42 - 00141640 _____ () C:\Windows\Minidump\Mini082214-01.dmp
2014-08-21 12:11 - 2014-08-21 12:11 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 11:47 - 2010-02-18 09:18 - 00037944 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox86.sys
2014-08-21 11:26 - 2014-08-21 11:26 - 00000958 _____ () C:\Users\cek\Desktop\JRT.txt
2014-08-21 11:20 - 2014-08-21 11:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 10:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-21 10:54 - 2014-08-21 11:04 - 00000000 ____D () C:\AdwCleaner
2014-08-21 09:50 - 2014-08-22 00:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 09:50 - 2014-08-21 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\Program Files\AntiVirus
2014-08-21 09:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 09:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 09:49 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 14:07 - 2014-08-21 11:49 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-19 13:57 - 2014-08-19 13:57 - 00000000 ____D () C:\ATI
2014-08-19 13:55 - 2014-08-19 13:57 - 65077648 _____ (Advanced Micro Devices, Inc.) C:\Users\cek\Desktop\11-8_vista32_win7_32_dd_ccc_ocl.exe
2014-08-19 12:39 - 2014-08-19 12:39 - 00135264 _____ () C:\Windows\Minidump\Mini081914-01.dmp
2014-08-19 12:38 - 2014-08-19 11:58 - 00000000 ____D () C:\Program Files\SIWPortable
2014-08-19 11:54 - 2014-08-19 11:54 - 00000000 ____D () C:\Program Files\AMD APP
2014-08-19 11:52 - 2014-08-19 11:52 - 00000000 ____D () C:\Program Files\ATI
2014-08-19 11:50 - 2014-08-19 11:50 - 00000000 ____D () C:\AMD
2014-08-19 11:42 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-08-14 09:56 - 2014-08-14 09:56 - 00000000 ____D () C:\Program Files\Citrix
2014-08-14 09:55 - 2014-08-14 09:55 - 00103832 _____ () C:\Users\cek\GoToAssistDownloadHelper.exe
2014-08-14 09:55 - 2014-08-14 09:55 - 00000000 ____D () C:\Users\cek\AppData\Local\Citrix
2014-08-13 18:15 - 2014-08-21 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-13 12:47 - 2014-08-13 12:47 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-08-13 10:29 - 2014-08-13 10:30 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 10:29 - 2014-08-13 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 10:18 - 2014-08-13 10:17 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-13 10:17 - 2014-08-13 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-13 10:13 - 2014-08-13 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-13 10:13 - 2014-08-13 10:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-13 10:12 - 2014-08-13 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-13 10:12 - 2014-08-13 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-13 10:12 - 2014-08-13 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 01:30 - 2014-08-12 01:30 - 00000512 _____ () C:\Users\cek\Documents\0C014300
2014-08-10 14:11 - 2014-08-11 09:40 - 00000000 ____D () C:\ProgramData\IjjaWikna
2014-08-10 10:38 - 2014-08-10 10:37 - 04635304 _____ () C:\Users\cek\Downloads\gunsetup_CB-DL-Manager [1].exe
2014-07-23 10:21 - 2014-07-23 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 10:13 - 2013-08-01 18:08 - 00000000 ____D () C:\Users\cek\AppData\Roaming\uTorrent
2014-08-22 10:09 - 2014-08-22 10:08 - 00000000 ____D () C:\FRST
2014-08-22 10:04 - 2014-08-22 10:04 - 00000000 _____ () C:\Users\cek\defogger_reenable
2014-08-22 10:04 - 2009-04-03 14:39 - 00000000 ____D () C:\Users\cek
2014-08-22 10:02 - 2013-05-19 17:12 - 01332425 _____ () C:\Windows\WindowsUpdate.log
2014-08-22 09:42 - 2014-01-19 19:51 - 00008268 _____ () C:\Users\cek\AppData\Local\d3d9caps.dat
2014-08-22 09:42 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\cek\AppData\Roaming\Wise Care 365
2014-08-22 09:40 - 2010-02-05 14:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-22 09:39 - 2014-06-08 23:50 - 01371778 _____ () C:\Windows\PFRO.log
2014-08-22 09:39 - 2009-01-22 20:14 - 00000147 _____ () C:\Windows\system32\agent.log
2014-08-22 09:39 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 09:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 09:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 09:25 - 2014-06-17 05:20 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000UA1cf89db1459b420.job
2014-08-22 09:25 - 2014-05-08 14:14 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6ab7b355e00.job
2014-08-22 05:25 - 2014-05-08 20:14 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000Core1cf6ae95534ed90.job
2014-08-22 03:22 - 2014-08-22 03:22 - 00135464 _____ () C:\Windows\Minidump\Mini082214-03.dmp
2014-08-22 03:22 - 2014-07-15 00:56 - 290107590 _____ () C:\Windows\MEMORY.DMP
2014-08-22 03:22 - 2009-05-13 13:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-22 02:56 - 2014-08-22 02:56 - 00135464 _____ () C:\Windows\Minidump\Mini082214-02.dmp
2014-08-22 02:42 - 2014-08-22 02:42 - 00141640 _____ () C:\Windows\Minidump\Mini082214-01.dmp
2014-08-22 02:02 - 2009-04-05 13:11 - 00000000 ____D () C:\Users\cek\AppData\Local\Adobe
2014-08-22 00:14 - 2014-08-21 09:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 23:39 - 2012-01-26 01:29 - 00096768 _____ () C:\Users\cek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-21 23:39 - 2009-04-30 12:51 - 00000000 ____D () C:\Users\cek\AppData\Roaming\vlc
2014-08-21 22:04 - 2014-02-08 15:14 - 00000000 ____D () C:\Users\cek\AppData\Local\JDownloader v2.0
2014-08-21 21:46 - 2014-08-13 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-21 20:40 - 2009-06-04 13:27 - 00444928 _____ () C:\Users\cek\Documents\tv2.xls
2014-08-21 15:14 - 2006-11-02 12:33 - 01747560 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 14:22 - 2013-04-02 18:10 - 00000000 ____D () C:\Users\cek\Documents\Rechnungen 2013
2014-08-21 13:48 - 2012-10-08 19:53 - 00000000 ____D () C:\ProgramData\Protexis
2014-08-21 12:11 - 2014-08-21 12:11 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 11:59 - 2006-11-02 15:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-21 11:49 - 2014-08-19 14:07 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-21 11:26 - 2014-08-21 11:26 - 00000958 _____ () C:\Users\cek\Desktop\JRT.txt
2014-08-21 11:20 - 2014-08-21 11:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 11:04 - 2014-08-21 10:54 - 00000000 ____D () C:\AdwCleaner
2014-08-21 11:03 - 2013-03-09 14:37 - 00001071 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-21 11:03 - 2013-03-09 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-21 11:03 - 2010-06-27 12:08 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-08-21 11:03 - 2009-04-03 14:42 - 00000975 _____ () C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 10:36 - 2006-11-02 13:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-08-21 10:10 - 2009-06-27 19:30 - 00000000 ____D () C:\Users\cek\AppData\Roaming\dvdcss
2014-08-21 09:50 - 2014-08-21 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\Program Files\AntiVirus
2014-08-21 09:45 - 2009-01-22 20:12 - 00001024 ___RH () C:\Users\Public\Documents\NTIMP3.dll
2014-08-20 15:19 - 2014-01-07 13:23 - 00000000 ____D () C:\Users\cek\Documents\Rechnungen 2014
2014-08-19 17:25 - 2013-09-17 00:04 - 00001456 _____ () C:\Users\cek\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-08-19 14:33 - 2014-06-30 11:56 - 00002087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-08-19 14:33 - 2014-06-30 11:56 - 00001926 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-08-19 14:33 - 2014-06-30 11:55 - 00002437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-08-19 13:57 - 2014-08-19 13:57 - 00000000 ____D () C:\ATI
2014-08-19 13:57 - 2014-08-19 13:55 - 65077648 _____ (Advanced Micro Devices, Inc.) C:\Users\cek\Desktop\11-8_vista32_win7_32_dd_ccc_ocl.exe
2014-08-19 13:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-19 12:39 - 2014-08-19 12:39 - 00135264 _____ () C:\Windows\Minidump\Mini081914-01.dmp
2014-08-19 11:58 - 2014-08-19 12:38 - 00000000 ____D () C:\Program Files\SIWPortable
2014-08-19 11:54 - 2014-08-19 11:54 - 00000000 ____D () C:\Program Files\AMD APP
2014-08-19 11:52 - 2014-08-19 11:52 - 00000000 ____D () C:\Program Files\ATI
2014-08-19 11:50 - 2014-08-19 11:50 - 00000000 ____D () C:\AMD
2014-08-15 00:43 - 2009-04-03 16:24 - 00086015 _____ () C:\ProgramData\nvModes.001
2014-08-15 00:19 - 2009-04-03 16:24 - 00086015 _____ () C:\ProgramData\nvModes.dat
2014-08-14 09:56 - 2014-08-14 09:56 - 00000000 ____D () C:\Program Files\Citrix
2014-08-14 09:55 - 2014-08-14 09:55 - 00103832 _____ () C:\Users\cek\GoToAssistDownloadHelper.exe
2014-08-14 09:55 - 2014-08-14 09:55 - 00000000 ____D () C:\Users\cek\AppData\Local\Citrix
2014-08-13 23:11 - 2009-07-04 17:31 - 00000984 _____ () C:\Users\cek\AppData\Local\7F68A003.il
2014-08-13 23:11 - 2009-07-04 17:31 - 00000280 _____ () C:\Users\cek\AppData\Local\IndexIE_7F68A003.il
2014-08-13 14:42 - 2010-10-26 14:04 - 00000000 ____D () C:\Program Files\McAfee
2014-08-13 14:42 - 2010-10-26 13:46 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-13 12:47 - 2014-08-13 12:47 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-08-13 10:30 - 2014-08-13 10:29 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 10:29 - 2014-08-13 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 10:18 - 2014-08-13 10:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-13 10:17 - 2014-08-13 10:18 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-13 10:17 - 2014-08-13 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-13 10:17 - 2014-08-13 10:12 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-13 10:17 - 2014-08-13 10:12 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-13 10:13 - 2014-08-13 10:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-13 10:12 - 2014-08-13 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 09:20 - 2009-04-03 18:34 - 00000000 ____D () C:\Users\cek\ZDE
2014-08-12 10:33 - 2010-11-13 14:52 - 00106776 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-12 10:30 - 2010-11-13 14:51 - 00008224 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-12 10:29 - 2010-11-13 14:51 - 00000948 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-12 01:30 - 2014-08-12 01:30 - 00000512 _____ () C:\Users\cek\Documents\0C014300
2014-08-12 01:23 - 2012-02-09 16:38 - 00000000 ____D () C:\Program Files\PS3 Media Server
2014-08-11 09:40 - 2014-08-10 14:11 - 00000000 ____D () C:\ProgramData\IjjaWikna
2014-08-10 14:25 - 2012-10-08 19:05 - 00002032 _____ () C:\Windows\Sandboxie.ini
2014-08-10 11:28 - 2014-02-01 15:44 - 00000000 ____D () C:\_BURN_ME
2014-08-10 11:07 - 2009-07-06 10:38 - 00000000 ____D () C:\Users\cek\AppData\Local\QuickPar
2014-08-10 10:44 - 2012-04-22 16:51 - 00000000 ____D () C:\_download
2014-08-10 10:37 - 2014-08-10 10:38 - 04635304 _____ () C:\Users\cek\Downloads\gunsetup_CB-DL-Manager [1].exe
2014-08-10 09:55 - 2010-10-28 00:05 - 00011078 _____ () C:\Users\cek\Documents\Dokument2.txt
2014-08-09 23:55 - 2006-11-02 14:47 - 03991080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-09 23:52 - 2014-07-17 21:14 - 00000024 _____ () C:\Windows\5D90C6C72EA89A63.log
2014-08-09 19:23 - 2010-08-18 00:58 - 00000085 ___SH () C:\ProgramData\.zreglib
2014-08-08 14:55 - 2009-04-03 20:47 - 00000000 ____D () C:\Users\cek\AppData\Roaming\BPFTP
2014-08-08 14:28 - 2009-04-03 14:41 - 00106776 _____ () C:\Users\cek\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-27 18:50 - 2010-10-26 14:04 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-07-25 12:25 - 2012-05-30 17:03 - 00000000 ____D () C:\_cek
2014-07-24 16:25 - 2012-04-26 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-23 10:21 - 2014-07-23 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\cek\AppData\Local\Temp\proxy_vole5865047882025749136.dll
C:\Users\cek\AppData\Local\Temp\Quarantine.exe
C:\Users\cek\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Chris\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-22 09:47

==================== End Of Log ============================